问题
changeIDs() is trying to use setuid() to change the effective user id but it always errors out and I'm not sure why.
I have two users on computer. user is an admin with UID of 1000. The other standard user, user 2, has a UID of 1001.
I want to use this program to set user2's effective UID to that of user1 (1000). Why does setuid() keep erroring?
I made sure to run chmod u+s on the program executable as well and it still fails.
rror with setuid() - errno : Operation not permitted
Also, do you know why the E in cut off in my perror strings?
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <getopt.h>
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <errno.h>
void getArguments(int argc, char **argv);
void displayIDs();
void changeID(int userid);
int main(int argc, char **argv)
{
getArguments(argc, argv);
return 0;
}
/*
* The program accepts an option of “c” followed by a numeric user id.
* When executing the program with the c option followed by a user id,
* the system displays the real, effective, and saved set user id,
* then attempts to change the effective user id to the numeric user
* id passed into the application, and then displays the real,
* effective, and saved set user id. (20 pts)
*/
void changeID(int userid)
{
printf("Original IDs:\n==================\n");
displayIDs();
uid_t newid = (uid_t)userid;
//pass the id var as references as outlined in the setuid() man pages
//error check, fail returns -1
/*
if(setresuid(&newid, &newid, &newid) == -1)
{
perror("Error with setuid() - errno " + errno);
}
*/
if(setuid(&newid) == -1)
{
perror("Error with setuid() - errno " + errno);
}
printf("\n(Attempted) Changed IDs:\n==================\n");
displayIDs();
}
/*
* The program accepts an option of “g.”
* When executing the program with the g option,
* the system displays the real, effective,
* and saved set user id. (10 pts)
*/
void displayIDs()
{
uid_t ruid;//real user id
uid_t euid;//effective user id
uid_t suid;//saved set id
//pass the id vars as references as outlined in the getresuid() man pages
//error check, fail returns -1
if ( getresuid(&ruid, &euid, &suid) == -1)
{
perror("Error with getresuid() - errno " + errno);
}
printf("Real User ID: %d\n", ruid);
printf("Effective User ID: %d\n", euid);
printf("Saved Set User ID: %d\n", suid);
}
//get the arguments from the command line and pass it into the program, calling the right function
void getArguments(int argc, char **argv)
{
int option = 0;
while ((option = getopt(argc, argv, "gc:")) != -1)
{
switch (option)
{
case 'g' :
displayIDs();
break;
case 'c' :
changeID(optarg);
break;
case '?' :
printf("Invalid argument\n");
break;
default:
printf("Invalid - no argument (g or c)\n");
break;
}
}
}
回答1:
rror with setuid() - errno : Operation not permitted
Also, do you know why the E in cut off in my perror strings?
This is because you pass perror() "Error with setuid() - errno " + errno, which is equivalent to &"Error with setuid() - errno "[errno], which is (since errno equals 1) equal to the address of the second char of the string.
You seem to be used to a language with a concatenation operator +, which is not the case in C.
回答2:
It fails because neither the effective user ID you're going to set is 0(root) nor the effective Id is identical to the ID you expected.
Below comes from setuid(2):
The setuid() function sets the real and effective user IDs and the saved set-user-ID of the current process to the specified value. The setuid() function is permitted if the effective user ID is that of the super user, or if the specified user ID is the same as the effective user ID. If not, but the specified user ID is the same as the real user ID, setuid() will set the effective user ID to the real user ID.
来源:https://stackoverflow.com/questions/33838678/setuid-failing-operation-not-permitted