setuid: operation not supported

Question

package main

import (
        "log"
        "syscall"
)

func main() {
        setuidErr := syscall.Setuid(0)
        if setuidErr != nil {
                log.Fatal(setuidErr)
        }
}

When I run above code, I get the following error:

operation not supported
exit status 1

go version: 1.15.5

Can anyone help me?

Bakurits · Accepted Answer · 2020-11-19T10:19:57.090

2

Here is a quote from the official documentation

On Linux Setuid and Setgid only affects the current thread, not the process. This does not match what most callers expect so we must return an error here rather than letting the caller think that the call succeeded.

A possible solution is in this commit

edited Nov 19 '20 at 10:19

answered Nov 19 '20 at 09:38

Bakurits

402
3
11

That commit was applied to go1.16. See my answer for an explanation of how to use it. – Tinkerer Jun 26 '21 at 16:05

score 2 · Answer 2 · answered Mar 02 '21 at 16:18

syscall.Setuid() is fixed in go 1.16 on Linux. You can download go 1.16 as follows:

$ go get golang.org/dl/go1.16
$ ~/go/bin/go1.16 download

Try compiling with:

$ ~/go/bin/go1.16 build prog.go

You will get a different error: "operation not permitted". This is the kernel preventing trivial privilege escalation...

You want to do one or the other of:

$ sudo /sbin/setcap cap_setuid=ep ./prog

Or,

$ sudo chown root ./prog
$ sudo chmod +s ./prog

Now, when you run the command it won't log the error:

$ ./prog
$ echo $?
0

setuid: operation not supported

2 Answers2

Linked