guys.

Here's my problem:

I have an executable which needs to create a folder in a particular emplacement in the system.

I'd like it to be able to do so no matter who executes it.

My idea was to give the parent folder (the one the executable needs to create folders in) to a user, and the executable to the same user. Then set the setuid bit on the executable. That way, the executable is executed with the rights of that user, thus it has the rights on the folder.

Here's the thing: the executable uses a shared library which is just beside it.

When I launch it without the setuid bit, everything works fine (well, except the creation of the folder, obviously, but the executable is launched).

When I launch it with the setuid bit, however, the system tells me it can't find the shared library, which has not been moved, obviously, and which has read and execute rights for everyone.

What's happening? What am I missing?

Thank you.

Pouf

1 Answer

> needs to create a folder in a particular emplacement in the system.

There are no folders on UNIX systems, the proper name is "directory".

> Then set the setuid bit on the executable

In general, this is a very bad idea (TM). Writing code that will run as part of setuid executable correctly requires a lot of care, and the fact that you are asking this question indicates that you are probably not ready to perform this task.

> When I launch it without the setuid bit, everything works fine

How does the binary find its required shared library?

Most likely you set LD_LIBRARY_PATH to include the directory in which the shared library resides.

> When I launch it with the setuid bit, however, the system tells me it can't find the shared library,

If my LD_LIBRARY_PATH guess is correct, this is expected: setuid binaries ignore LD_LIBRARY_PATH (for obvious security reasons).

You can fix this by using -Wl,--rpath='$ORIGIN' while linking the executable and unsetting LD_LIBRARY_PATH -- the executable should now work with or without the setuid bit.

Employed Russian
  • Can you please clarify this sentence more "Writing code that will run as part of setuid executable correctly requires a lot of care". Any resources or tutorials that can be helpful? – Abdo Saied Anwar Feb 16 '22 at 09:44
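
An added example, not code from the question, the answer or the comment above: one shape the directory-creating setuid helper from the question could take, showing the kind of care the answer refers to (untrusted environment, validated name, creation relative to a pinned parent, permanent privilege drop). The parent path `/var/lib/example-app` and every function name are assumptions for illustration; Linux with glibc is assumed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>
#include <sys/stat.h>
#include <unistd.h>

#define PARENT_DIR "/var/lib/example-app" /* assumed placeholder path */

/* Nonzero when the process runs in secure-execution mode, the state in
   which the dynamic loader ignores LD_LIBRARY_PATH. */
int secure_exec(void) {
    return getauxval(AT_SECURE) != 0 || getuid() != geteuid();
}
/* Accept one path component only: no '/', no leading '.', bounded length. */
int valid_name(const char *s) {
    size_t n = s ? strlen(s) : 0;
    if (n == 0 || n > 64 || s[0] == '.') return 0;
    return strspn(s, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
                     "0123456789-_.") == n;
}
/* Create parent/name. The parent is fixed by the program, never by the
   caller, and must be a real directory, not a symlink. Returns 0 or -errno. */
int make_subdir(const char *parent, const char *name) {
    if (!valid_name(name)) return -EINVAL;
    int dfd = open(parent, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0) return -errno;
    int rc = mkdirat(dfd, name, 0755) == 0 ? 0 : -errno;
    close(dfd);
    return rc;
}
/* Permanently give up the setuid identity and check that it is gone. */
int drop_privileges(void) {
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setresgid(rgid, rgid, rgid) != 0) return -errno;
    if (setresuid(ruid, ruid, ruid) != 0) return -errno;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -EPERM;
}
int main(int argc, char **argv) {
    if (argc != 2) return 2;
    if (secure_exec()) clearenv();     /* the caller controls the environment */
    umask(022);                        /* and the inherited umask */
    int rc = make_subdir(PARENT_DIR, argv[1]);
    if (drop_privileges() != 0) return 3;
    return rc == 0 ? 0 : 1;
}
```

The privileged part is limited to a single `mkdirat` call; anything else the program does belongs after `drop_privileges()`.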