Possible Duplicate:
How to programmatically gain root privileges?
Is there any way to request root access programmatically to user in C over linux ?
I'm using raw sockets so it is needed root access.
Asked
Active
Viewed 1,074 times
1 Answers
0
The idiomatic way is to make your program suid-root, and have the first two lines of main open the raw socket and drop root.
This is still less than ideal from a security standpoint, since:
A compromise later in the program would give an attacker access to a raw socket, which could be used for many malicious purposes, possibly obtaining sufficient information to elevate privilege.
Any suid-root binary could be subject to vulnerabilities from flaws in the dynamic linker or startup code that runs before
main. While these have become increasingly rare, even last year one was found again in glibc's linker usingLD_AUDITstuff. Many security-conscious systems (e.g. Openwall Linux) ban suid-root binaries completely for this reason.
A safer but more complex approach would be to have your program run as a daemon with elevated (but still minimal) privileges, and have the CLI interface be just a trivial wrapper that communicates with the daemon over a unix socket via a trivial protocol that can be mechanically checked for vulnerabilities.
R.. GitHub STOP HELPING ICE
- 208,859
- 35
- 376
- 711