-1

I got the same uid and euid even though the file belongs to root and has the suid bit set. Does anybody know how to make a test case to let getuid() and geteuid() return different results? Thanks.

$ cat main.py 
#!/usr/bin/env python3

import os
print(os.getuid())
print(os.geteuid())
$ dir
total 4.0K
-rwsr-xr-x 1 root staff 154 2021/02/02-10:48:27 main.py
$ ./main.py 
504
504
$ id

EDIT: I tried a C program. uid and euid are still the same.

$ cat main.c
// vim: set noexpandtab tabstop=2:
#include <unistd.h>
#include <sys/types.h>
#include <stdio.h>

int main() {
    uid_t uid = getuid();
    uid_t euid = getuid();
    printf("%d\n", uid);
    printf("%d\n", euid);
}
$ ls -l ./main.exe
-rwsr-xr-x 1 root dialout 16656 Feb  2 12:14 ./main.exe
$ ./main.exe
504
504
Antti Haapala -- Слава Україні
  • 129,958
  • 22
  • 279
  • 321
user1424739
  • 11,937
  • 17
  • 63
  • 152
  • My guess is that the setuid flag doesn't affect the outcome because it isn't your script that is running, but rather the python interpreter. – CryptoFool Feb 02 '21 at 17:03
  • I've tried a C program. But it still the same. – user1424739 Feb 02 '21 at 17:16
  • 1
    This is not the "stick" bit. The *sticky* bit is the `t` character in the symbolic mode usually used for `/tmp`. This is the s(et)uid bit. – Antti Haapala -- Слава Україні Feb 02 '21 at 17:39
  • It's not the [sticky bit](https://en.wikipedia.org/wiki/Sticky_bit). The sticky bit is used on directories like `/tmp` to allow only the owner of a file to rename or delete that file. On executables, the sticky bit is archaic and was used to tell the system to keep the image in memory after program execution ended - hence the name "sticky bit". You're using the **setuid bit** – Andrew Henle Feb 02 '21 at 17:40
  • So `s` in mode is stick bit for directory, but setuid bit for a file? – user1424739 Feb 02 '21 at 18:55

1 Answers1

2

Typo!

uid_t euid = getuid();

should read

uid_t euid = geteuid();

Then the C program will work. Don't make setuid #! scripts. That's not implemented for security reasons.

The suidperl story contains within it the description of why setuid won't work on #! scripts.

Joshua
  • 40,822
  • 8
  • 72
  • 132
  • So essentially, euid will be the owner of the binary being run when the sticky bit is set. There is no other ways to let euid be the same as the owner (supposed to be different the current login user) of the stick bit is not set? – user1424739 Feb 02 '21 at 17:25
  • @user1424739: Why would you expect another way besides using the feature built for the purpose? – Joshua Feb 02 '21 at 17:57
  • I didn't know that the setuid bit was the way designed for it. Since it is designed to be so, then there should be no other ways. – user1424739 Feb 02 '21 at 18:55
  • @user1424739: There are other ways, and they're horrible and no one should use them. – Joshua Feb 02 '21 at 18:56