Ross Brantner <brantner@nrc.net> wrote:
> I am writing a system that needs to access hardware and therefore must be
> run as root. I am unable to have the program change the userid from the
> user's to 0, root. I have attempted to use both “seteuid(0)” and
> “setuid(0)”. These will only successfully complete if I run the program as
> root; they fail when I attempt to run them as any other user. Am I missing
> something somewhere? Is there a compiler option that I must use? Please
> help, because the way the system is set up currently it is not at all secure.
This is intended behaviour. Think of the security hole if just any program
run by anyone can do a “setuid(0)” and have it succeed.
Ok, how to make this work? Well, you have to code your program pretty
carefully, and it is probably worth grabbing a Unix book that talks about
uids, euids, and their effects.
The usual method is to make the program owned by root, then set the setuid
bit on the executable so that, when running, it has root privileges.
Then, it should immediately call seteuid(getuid());
This will set the effective userid to the person who ran the program.
Then, before you need root access for something, call seteuid(0), do
the bit that requires root access, then call seteuid(getuid()) again
immediately after.
If the process never again needs root access, it can call setuid(getuid())
to set everything to the uid of the person running the program.
Be careful. Anytime you write a setuid root program, you may be creating
a security hole; carefully audit the code to make sure nothing unexpected
can happen while root privilege is available.
-David
QNX Training Services
dagibbs@qnx.com
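The bracketing sequence described in the reply (start setuid root, drop to the caller's uid with seteuid(getuid()), raise with seteuid(0) only around the privileged work, drop again, and finally setuid(getuid()) for good), as an added example that is not part of the original thread. The function names and the placeholder "privileged work" routine are assumptions for illustration. One detail the example adds: setuid() rewrites the saved set-user-id only when the caller is privileged, so the permanent drop raises first and then verifies that the privilege can no longer be regained. When the binary is not installed setuid root, every call still succeeds but there is no privilege to use, which the program reports instead of failing.

```c
/* Added example (not from the original thread): privilege bracketing for a
 * setuid-root program using seteuid()/setuid(). Function names and the
 * do_privileged_work() placeholder are assumptions for illustration. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

static uid_t real_uid;        /* the user who ran the program */
static uid_t privileged_uid;  /* effective uid at startup: 0 when installed setuid root */

/* Call first in main(): record both ids, then drop to the caller's uid.
 * The saved set-user-id keeps the privilege, so seteuid() can restore it later. */
int privs_init(void)
{
    real_uid = getuid();
    privileged_uid = geteuid();
    return seteuid(real_uid);
}

/* True when the program actually holds root privilege (run as root or setuid root). */
int privs_available(void)
{
    return privileged_uid == 0;
}

/* Regain the privilege for one short, well-defined piece of work. */
int privs_raise(void)
{
    return seteuid(privileged_uid);
}

/* Hand the privilege back (temporarily) as soon as that work is done. */
int privs_drop(void)
{
    return seteuid(real_uid);
}

/* True while the effective uid differs from the real one, i.e. privilege is in use. */
int privs_active(void)
{
    return geteuid() != real_uid;
}

/* Drop the privilege for good. setuid() only clears the saved set-user-id when
 * the caller is privileged, so regain it first, then set everything to real_uid,
 * then confirm the old uid can no longer be re-acquired. */
int privs_drop_permanently(void)
{
    if (privs_raise() != 0)
        return -1;
    if (setuid(real_uid) != 0)
        return -1;
    if (privileged_uid != real_uid && seteuid(privileged_uid) == 0)
        return -1;   /* privilege survived the drop: treat as a failure */
    return 0;
}

/* Placeholder for the hardware access that needs root (assumption: just reports ids). */
static int do_privileged_work(void)
{
    printf("privileged work: uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}

int main(void)
{
    if (privs_init() != 0) { perror("seteuid(getuid())"); return 1; }
    printf("after init: uid=%d euid=%d\n", (int)getuid(), (int)geteuid());

    if (!privs_available()) {
        fprintf(stderr, "not running setuid root; hardware access would be refused\n");
    } else {
        if (privs_raise() != 0) { perror("seteuid(0)"); return 1; }
        do_privileged_work();
        if (privs_drop() != 0) { perror("seteuid(getuid())"); return 1; }
    }

    if (privs_drop_permanently() != 0) { perror("setuid(getuid())"); return 1; }
    printf("after permanent drop: uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```

Install as root-owned with the setuid bit (chmod 4755) to see the raise/drop pair take effect; run unprivileged, the same binary reports that no privilege is available rather than silently carrying on. Keep the region between privs_raise() and privs_drop() as small as possible, since that is the only code that needs auditing for what it can do as root.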