Setuid Program with (-rwsr-sr-x 1 root other ) UID/EUID issue

0ktalmagik · August 16, 2006, 8:28pm

Hi,

I have a program with the following suid setup
-rwsr-sr-x 1 root other 653 Aug 16 17:00 restart_server

It basically starts up a service that has to be started by root. I just want the normal users to be able to restart the service using the script above.

But when the servers are restarted, when i do a ps -ef , they show the username of the user who runs the script and not as root, in the first column.

How can I solve this issue. as the server will only work as expected if it runs as root and the above setuid setup ps -ef | greps to username and not root.

Please advise

Thanks

blowtorch · August 17, 2006, 9:19am

Are you actually calling the setuid() system call inside that code? If you are not and are only setting the setuid bit on the file, then only the euid is set to root. The difference is seen here:

#include<stdio.h>
#include<unistd.h>  
int main() {          
   fprintf(stdout,"euid: %d",geteuid());
   fprintf(stdout,"uid: %d",getuid());
   execl("/bin/sh","sh",0);
}

#include<stdio.h>
#include<unistd.h>  
int main() {          
   setuid(0);
   fprintf(stdout,"euid: %d",geteuid());
   fprintf(stdout,"uid: %d",getuid());
   execl("/bin/sh","sh",0);
}

Complie both the codes, set the suid flag and run them. The id and the whoami commands should show you the difference.

It is most likely that the code that you are using has not used the setuid call.

0ktalmagik · August 17, 2006, 1:03pm

Hi,

Its a shell script. rws by root, r_s by group named "other" and r_x by all others.

How can i set the uid from inside a setuid program. please let me know.

Also I dont have a c compiler on the system.
Thanks

blowtorch · August 18, 2006, 12:38am

OK, what system are you using? Quite a few systems do not honour the setuid bit on the shell script, as they (setuid scripts) are considered a security hazard.

0ktalmagik · August 18, 2006, 1:31pm

Hi,

Im running Solaris 9 32 bit on a sparc-64 bit system.

Thanks

blowtorch · August 19, 2006, 1:36am

Then it wont work... Solaris does not honour the setuid bit on shell scripts so your program will not run as root.

0ktalmagik · August 19, 2006, 2:04am

any workarounds??

blowtorch · August 20, 2006, 12:16am

Try this:

# cat workaround.c
#include<stdio.h>
#include<unistd.h>  
int main() {          
   setuid(0);
   execl("full_path_to_your_program","filename_of_your_program",0);
}
# cc workaround.c -o workaround
# chmod 4555 workaround

Then if you execute the workaround code, your users will be setuid root. Make sure that the shell script that you are executing does not have any places where the user could break out to shell, or they would get a root shell on the system (you do not want that).