I created a VERY simple script:

```c
//#escalate.c - a setuid utility so that we can call shutdown
//# and other things safely without needing root access.  We 
//# do need to:
//#   gcc escalate.c -o escalate.out
//#   sudo chown root:root escalate.out
//#   sudo chmod 4755 escalate.out

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
#include <errno.h>

int main()
{
    int status;
    status = setuid( 0 );   // you can set it at run time also
    system("date > /tmp/date.fil");
    return errno;
}
```

On Raspbian it generates the file in /tmp, owned by root, and returns 0 as expected.

On Ubuntu 22 it created the file owned by ME and the return status is 1. What am I missing about setuid(0); ?

I tried creating, modifying the permissions and ownership etc. On Raspbian it works like a charm, on Ubuntu it does not.

==================

OK - solved it myself. On Ubuntu I was running with an encrypted home and so it was mounted with nosuid set.

jpmh
  • You said the "return status" is 1 but are you talking about `int status;` or `errno`? You aren't printing `status` at all so how do you know its value? Could you run `ls -l escalate.out` on both systems so we can check the permissions? Also maybe you should just use the `sudoers` file: you can configure it to allow certain users to run certain commands and nothing else. – David Grayson Nov 23 '22 at 19:40
  • Both `setuid` and `system` use return values and `errno` to communicate their errors so the way you are doing your error handling will make it hard to tell what's going on. I would recommend checking the return value of each of these function calls and if it indicates an error, then you should print the info you have about the error and end the program before doing anything else. – David Grayson Nov 23 '22 at 19:44
  • I was getting errno as the return status. This is why I did not need to print it. – jpmh Nov 23 '22 at 20:05
  • But, it is solved now - the problem was a nosuid mount – jpmh Nov 23 '22 at 20:05
  • You were returning `errno` from main but you were not allowing yourself to know whether that error came from `setuid` or `system`, which makes troubleshooting difficult. Also the range of process return codes is 0 to 255 and I wouldn't trust `errno` to *always* be in that range. – David Grayson Nov 23 '22 at 22:14

1 Answer

The problem was that the file system was mounted nosuid.

jpmh
  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Nov 26 '22 at 16:33
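
An added example, not part of the original post or its answer: a checked variant of the question's helper that tests `setuid()` on its own and uses `statvfs()` to report whether the binary's filesystem is mounted nosuid, the cause identified above. The names `mounted_nosuid` and `diagnose` are hypothetical, and `/proc/self/exe` assumes Linux.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/statvfs.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 1 if the filesystem holding `path` is mounted
 * nosuid, 0 if it is not, -1 if statvfs() failed (errno is set). */
int mounted_nosuid(const char *path)
{
    struct statvfs vfs;
    if (statvfs(path, &vfs) != 0)
        return -1;
    return (vfs.f_flag & ST_NOSUID) ? 1 : 0;
}

/* Hypothetical helper: explain the outcome from the effective UID the
 * process started with and the mount flag found above. */
const char *diagnose(uid_t euid, int nosuid)
{
    if (euid == 0)
        return "ok: effective uid is root";
    if (nosuid == 1)
        return "setuid bit ignored: filesystem is mounted nosuid";
    if (nosuid == 0)
        return "not root: check owner is root and mode is 4755";
    return "not root: could not read mount flags";
}

int main(void)
{
    /* /proc/self/exe (Linux) resolves to the running binary, so the
     * flags belong to the mount the helper was started from. */
    int nosuid = mounted_nosuid("/proc/self/exe");
    printf("%s\n", diagnose(geteuid(), nosuid));

    /* Check setuid() by itself so its failure cannot be confused with
     * an error from a later call. */
    if (setuid(0) != 0) {
        fprintf(stderr, "setuid(0): %s\n", strerror(errno));
        return 1;
    }
    /* Only reached when the process really became root. */
    printf("running as uid %d\n", (int)getuid());
    return 0;
}
```

Built and installed with the same `gcc`, `chown` and `chmod 4755` steps as in the question, this prints the nosuid diagnosis and exits with status 1 when run from a nosuid mount.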