[ACCEPTED]-How to use setuid() from root to become user, with the possibility of becoming root again later?-setuid

Accepted answer
Score: 10

seteuid(some random uid) to drop privileges, seteuid(0) to get them back, when 1 running as root.

Score: 6

It seems like seteuid(x) should work to 1 drop and re-raise privs...

$ cat > t12.c
#include <stdio.h>
#include <unistd.h>

void p(void) { printf("euid=%4d uid=%4d\n", geteuid(), getuid()); }

int main(void) { p(); seteuid(100); p(); seteuid(0); p(); return 0; }
$ cc -Wall t12.c
$ sudo chown root a.out && sudo chmod 4555 a.out
$ sudo ./a.out
euid=   0 uid=   0
euid= 100 uid=   0
euid=   0 uid=   0
$ ./a.out
euid=   0 uid= 501
euid= 100 uid= 501
euid=   0 uid= 501
Score: 3

Not a direct answer, just would like to 2 point you to the idea of privilege separation. Here's a great 1 presentation by OpenBSD founder Theo de Raadt.

Score: 1

Fork() before you drop privileges. Wait 4 in the parent task until the child with 3 reduced privileges is done, then resume 2 in the parent with root.

seteuid is not portable 1 to all unices and has other drawbacks too.

More Related questions