set-UID bit not working as intended
https://stackoverflow.com//questions/21060640
-
26-12-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm running a raspberry pi and would like to create an executable which simply should reboot it after some seconds. (I plan on triggering it via ssh and log out before the actual reboot takes place)
I created an executable with c++ with the content:
#include <cstdlib>
int main () {
system("sleep 5");
system("reboot");
return 0;
}
ls -l of the resulting executable:
---s--x--x 1 root ben 6191 Jan 10 15:42 reboot
The plan of mine was now to use the setuid bit in combination with the root as an owner for the binary so that the reboot command can be executed by any user.
Unfortunately this is not working out and when running the program it gives me:
Failed to issue method call: Access denied
Must be root.
Any explanation on why this is not working?
I know there might be easier ways to do this. This question really aims at understanding why this way is not working.
Thank you in advance and Regards
Solution
I've had similar issue with setuid bit and some versions of bash. In my case the solution was to write the program like this:
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv)
{
// circumvent busybox ash dropping privileges
uid_t uid = geteuid();
setreuid(uid, uid);
system("do something....");
return 0;
}
I hope this will help you too.
OTHER TIPS
While not directly answer to your question, how about allowing users to run shutdown with sudo? You can even specify what options they are allowed to use (see the sudoers(5) man page). Or create a wrapper script with the appropriate arguments and let users run that. It can even check whether it has appropriate rights and try to re-execute itself through sudo if necessary:
#!/bin/sh
if test `id -u` -eq 0; then
# do your stuff - shutdown, poweroff, whatever
else
exec sudo $0 "$@"
fi
According to this document, system() in fact calls /bin/sh, which, on some distributions, ignores the Set-UID bit option.
You might try using exec() rather than system() and directly invoke /sbin/shutdown?
