Suppose you ask a user for their password (nicely), and they type it in your GUI prompt.
How would you escalate your privileges to root?
div curl F = 0
You don't. You set your program to be owned by root and have the SUID bit ON. Then you use seteuid() and setegid(). A stupid/bad/ugly example:
# cat badcode.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(void)
{
    /* Temporarily drop to UID 1000; the saved set-user-ID stays 0 */
    if (seteuid(1000) != 0) {
        fprintf(stderr, "seteuid(1000) resulted in an EPIC FAIL\n");
        return 1;
    }
    printf("We are now: %d\n", geteuid());
    system("cat /etc/shadow");

    /* Regain root via the saved set-user-ID, then set the real UID to 0 too */
    if (seteuid(0) || setuid(0)) {
        fprintf(stderr, "seteuid(0) or setuid(0) resulted in an EPIC FAIL\n");
        return 1;
    }
    printf("We are now: %d\n", geteuid());
    system("cat /etc/shadow");
    return 0;
}
# gcc -o badcode badcode.c
# chown root:root ./badcode
# chmod 4755 ./badcode
# su - useronethousand
$ /path/to/badcode
Last edited by string (2008-11-27 10:26:22)
hahaha
Thanks anyways, that was fun to look at.
I'm not sure what the amusing part is, perhaps you'll be so kind as to tell me (depending on your reply, I might tell you a couple of things I find funny too).
One thing is clear: it doesn't solve your problem, so the question is: why doesn't it solve your problem? If you think that somehow a non-root-owned-non-suid-executable can `magically` and on its own accord -- escalate its privileges... well let's just say this would be a pretty big shock to the Linux security community. Check out the outputs of: ls -al `which su` and ls -al `which sudo` (should you have those binaries on your system), draw some conclusions. Tschüss
Suppose you write a user-space game. Hypothetically, you have an "extension" package in the AUR that your app is instructed to fetch & install. You need root access to do this, so the app prompts the user, and the rest is handled from there.
So really, I don't want to "magically" escalate an application's privileges, I want to do it for a reason (although not the one I cited above) and I want to do it methodologically.
The reason your code doesn't help me, is because it just checks if you're root (and if not, it quits).
p.s:
Nothing funny about your code, and I didn't mean to come off as flippant.
Just amused by your choice of error messages - thought they were tasteful, you see.
Last edited by vkumar (2008-11-28 21:56:37)
Suppose you write a user-space game. Hypothetically, you have an "extension" package in the AUR that your app is instructed to fetch & install. You need root access to do this, so the app prompts the user, and the rest is handled from there.
Well, I've got 2 points you should consider:
1. An application should never use a specific package manager, except if it is enhancing this package manager, because different users use a different package manager.
2.1. An app should never update itself. This only leads to dependency hell.
2.2. If there is an optional extension, which is interesting for a user, create a new package. If there is an extension, which every user needs, include it in the original package.
Well, I've got 2 points you should consider:
1. An application should never use a specific package manager, except if it is enhancing this package manager, because different users use a different package manager.
2.1. An app should never update itself. This only leads to dependency hell.
2.2. If there is an optional extension, which is interesting for a user, create a new package. If there is an extension, which every user needs, include it in the original package.
Exactly, I wouldn't do something like that.
It was a purely hypothetical discussion, I don't plan on writing any code for that purpose.
I guess the best way to do this is just determine whether or not you are root, and spam the user to give you more privileges if you are not: so thanks @string!
I was just curious to know if that is possible.
You can write a helper util to do what's needed to be done as root, and then invoke it via sudo/kdesu/gsu*.
Of course, this util must be very simple and rigorously reviewed for security.
The reason your code doesn't help me, is because it just checks if you're root (and if not, it quits).
As I had said in the beginning, the executable has to SUID 0 upon execution. The "procedure" is then simple: it immediately drops its privileges (as I'm assuming your application doesn't *usually* need UID 0). When/If it will need superuser capabilities, it can "regain" them if one uses the seteuid()/setegid() functions. <- that is what I was suggesting. Anything other than this and you have to use 3rd party binaries, as damjan suggests (although damjan: not everybody uses/needs/wants sudo/kdesu/gksu) (I didn't suggest this because I thought the initial process needed to elevate its own privilege, not run a couple of instructions [which would eventually be part of a different binary] under elevated privileges).
As for your specific purpose, I guess a separate program to fetch/install said extensions would be "the" way to go.
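The drop-then-regain procedure with seteuid()/setegid() discussed in this thread, written out with every return value checked and a verified permanent drop at the end. This is an added example, not code from any poster here; the names privs_drop_temporarily, privs_regain and privs_drop_permanently are hypothetical, and it assumes a binary installed SUID root on Linux.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Effective IDs at startup: 0 when the binary is installed SUID root. */
static uid_t priv_uid;
static gid_t priv_gid;

/* Call first in main(): remember the privileged IDs, run as the invoking user. */
int privs_drop_temporarily(void)
{
    priv_uid = geteuid();
    priv_gid = getegid();
    /* Group first: once the effective UID is not 0, setegid() may be refused. */
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0)
        return -1;
    return (geteuid() == getuid() && getegid() == getgid()) ? 0 : -1;
}

/* Regain from the saved set-user-ID; user first so euid 0 permits the group change. */
int privs_regain(void)
{
    if (seteuid(priv_uid) != 0 || setegid(priv_gid) != 0)
        return -1;
    return (geteuid() == priv_uid && getegid() == priv_gid) ? 0 : -1;
}

/* With euid 0, setgid()/setuid() overwrite the real, effective and saved IDs. */
int privs_drop_permanently(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (privs_regain() != 0 || setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Verify the drop: getting the old effective UID back must now fail. */
    if (priv_uid != ruid && seteuid(priv_uid) == 0)
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

int main(void)
{
    if (privs_drop_temporarily() != 0) return 1;
    printf("unprivileged: euid=%d\n", (int)geteuid());
    if (privs_regain() != 0) return 1;
    /* ... the single operation that needs root goes here ... */
    if (privs_drop_permanently() != 0) return 1;
    printf("dropped for good: euid=%d\n", (int)geteuid());
    return 0;
}
```

Run without the SUID bit, every call is a no-op that still succeeds, so the same binary behaves correctly whether or not it was installed privileged.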