How to use setuid() from root to become user, with the possibility of becoming root again later?
Accepted answer
seteuid(some random uid) to drop privileges, seteuid(0) to get them back, when running as root.
It seems like seteuid(x) should work to drop and re-raise privs...
$ cat > t12.c
#include <stdio.h>
#include <unistd.h>
void p(void) { printf("euid=%4d uid=%4d\n", geteuid(), getuid()); }
int main(void) { p(); seteuid(100); p(); seteuid(0); p(); return 0; }
$ cc -Wall t12.c
$ sudo chown root a.out && sudo chmod 4555 a.out
$ sudo ./a.out
euid=   0 uid=   0
euid= 100 uid=   0
euid=   0 uid=   0
$ ./a.out
euid=   0 uid= 501
euid= 100 uid= 501
euid=   0 uid= 501
$
Not a direct answer, just would like to point you to the idea of privilege separation. Here's a great presentation by OpenBSD founder Theo de Raadt.
Fork() before you drop privileges. Wait in the parent task until the child with reduced privileges is done, then resume in the parent with root.
seteuid is not portable to all unices and has other drawbacks too.
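The fork-before-dropping approach from the last answer, as an added example that is not part of the original answers: the child gives up root permanently and checks that it cannot get it back, while the parent never changes IDs and simply continues as root. The names run_unprivileged and drop_permanently, the exit status 126 and the target ID 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE 1        /* exposes setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#define EXIT_DROP_FAILED 126     /* constructed status: child could not drop */

/* Child side: give up root for good. Order matters: groups, gid, then uid. */
static int drop_permanently(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;   /* as root: real, effective and saved */
    if (uid != 0 && setuid(0) == 0) return -1;   /* drop must be irreversible */
    return (geteuid() == uid && getuid() == uid) ? 0 : -1;
}

/* Hypothetical helper: run work() in a child as uid/gid, parent keeps its IDs.
 * Returns work()'s status, EXIT_DROP_FAILED, or -1 on fork/wait failure. */
int run_unprivileged(uid_t uid, gid_t gid, int (*work)(void))
{
    int status;
    fflush(NULL);                      /* do not duplicate stdio buffers */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_permanently(uid, gid) != 0) _exit(EXIT_DROP_FAILED);
        int rc = work();
        fflush(NULL);
        _exit(rc & 0xff);
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

static int show_ids(void)
{
    printf("child:  euid=%ld uid=%ld\n", (long)geteuid(), (long)getuid());
    return 0;
}
int main(void)
{
    int root = geteuid() == 0;         /* 65534 is a constructed target ID */
    int rc = run_unprivileged(root ? 65534 : getuid(), root ? 65534 : getgid(), show_ids);
    printf("parent: euid=%ld uid=%ld child=%d\n", (long)geteuid(), (long)getuid(), rc);
    return rc == 0 ? 0 : 1;
}
```

Unlike seteuid(), the child keeps no saved root ID, so code running in it cannot call seteuid(0) to climb back.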
Source:
stackoverflow.com