I wrote the following code expecting to spawn a /bin/sh from another user.

```c
#define _GNU_SOURCE
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
int main(int argc, char **argv, char **envp)
{
        setresgid(getegid(), getegid(), getegid());
        setresuid(geteuid(), geteuid(), geteuid());

        execve("/bin/sh", argv,  envp);
        return 0;
}
```

I then changed the owner to match my target user and changed the permissions (too much, I know):

```
chown usertarget:globalgroup ./shell
chmod 777 ./shell
chmod +s ./shell

ls -lah shell
```

Everything is fine according to me. However, it keeps opening a shell as my current user, not the target one.

I already tried to hardcode the userid of my target user and a few other things (setuid function, ...) but nothing seems to work...

Does anyone have an idea or anything that could help me investigate this problem?

EDIT #1

```
baseuser@machine:/tmp/tata$ ls -lah shell2
-rwsrwsrwx 1 targetuser globalgroup 7.2K Aug 18 18:21 shell2

baseuser@machine:/tmp/tata$ id
uid=1507(baseuser) gid=1314(globalgroup) groups=1314(globalgroup),100(users)

baseuser@machine:/tmp/tata$ ls -lah shell2
-rwsrwsrwx 1 targetuser globalgroup 7.2K Aug 18 18:21 shell2

baseuser@machine:/tmp/tata$ ./shell2

====== WELCOME USER ======
baseuser@machine:/tmp/tata$ id -a
uid=1507(baseuser) gid=1314(globalgroup) groups=1314(globalgroup),100(users)
baseuser@machine:/tmp/tata$
```
  • Can't reproduce. Please copy/paste your shell output showing the file permission and the output of the `id -a` command after running `./shell`. – dbush Aug 18 '22 at 14:48
  • Well, I don't know how to format code in a comment; the edit is in the thread – user19793459 Aug 18 '22 at 16:36

1 Answer

Well, in fact, the partition was mounted with the nosuid option. This can be checked with the mount command.