2

I need to write a C program that will allow me to read/write files that are owned by root. However, I can only run the code under another user. I have the root password, but there are no "sudo" or "su" commands on the system, so I have no way of accessing the root account (there are practically no shell commands whatsoever, actually). I don't know a whole lot about UNIX permissions, so I don't know whether or not it is actually possible to do this without exploiting the system in some way or running a program owned by root itself (with +s or whatever). Any advice?

Thanks!

P.S. No, this isn't anything malicious, this is on an iPhone.

AriX
  • 1,647
  • 2
  • 18
  • 24
  • Has the iPhone been jailbroken? – SLaks May 30 '10 at 21:55
  • 2
    Only a jailbroken iPhone is a usable iPhone - if at all. – LukeN May 30 '10 at 21:56
  • Nope, and unfortunately that is not an option in this case. (And LukeN, I completely agree with that sentiment) – AriX May 30 '10 at 21:58
  • 1
    If you "don't know a whole lot about Unix permissions" you might want to rectify that prior to escalating permissions and accidentally bricking the system. http://en.wikipedia.org/wiki/Unix_security – msw May 30 '10 at 21:59
  • P.P.S. What inconceivable harm could one ever do with a mobile device full of personal information, and then some of other people. There are solid reasons behind UNIX file permissions, but the strongest are the ones yet unheard of. – jpinto3912 May 30 '10 at 22:34
  • 1
    jpinto3912 - Well, it's my phone, so... :p – AriX May 30 '10 at 22:38
  • If you're jailbroken iPhone just install the BSD subsystem from Cydia to get access to all the commands that are missing. – Christopher Tarquini May 31 '10 at 02:59
  • Thanks Chris, but as I said, I'm not jailbroken, and that is not an option. – AriX May 31 '10 at 15:21

3 Answers3

2

Under the UNIX permissions system, you need to run a file owned by root itself that's marked setuid-root (+s, as you said) or communicate with some process that is already running as root.

If there is no such file, you are out of luck.

Daniel Stutzbach
  • 74,198
  • 17
  • 88
  • 77
  • OK. That's what I thought. I guess there is no way to log in as root except through something that already has root privileges to grant them to me. – AriX May 31 '10 at 15:22
  • @AriX: Yes, I'm afraid so. From a security perspective, that's a feature. ;-) – Daniel Stutzbach May 31 '10 at 16:12
1

You can do this with setting suid bit to application, but if you want from this c application run a some shell this was be runned on local user if you do it normally this is security system.

However you can read/write/execute files owned by root, but if your user is not in group of file your target file must have setted read/write/execute on last 3 bits or when your user is in file owner group you must check/apply this to 3 bits in middle position. (3 first bits setting permission to owner but this may not by a usable information for you).

If you dont have any access to root account. Then if group and other user permissions dont access functions as you must have, you can't do with this anything except trying get some prilveaged user for access this file. In other cases you can do some fixes in file access permissions but not from this system, you must get hard drive from this device and attach to other to change it or load on this device some live system to change this. However you can do this on privleaged system not on this.

More information about SUID bits you can find at:

http://www.codecoffee.com/tipsforlinux/articles/028.html

http://www.everyjoe.com/newlinuxuser/explain-what-is-setuid-and-setgid/

Svisstack
  • 16,203
  • 6
  • 66
  • 100
  • Thanks, but as I do not have root privileges, I cannot set the owner as root and set the SUID bit. – AriX May 30 '10 at 22:01
  • Then if group and other user permissions dont access functions as you must have, you can't do with this anything except trying get some prilveaged user for access this file. In other cases you can do some fixes in file access permissions but not from this system, you must get hard drive from this device and attach to other to change it or load on this device some live system to change this. However you can do this on privleaged system not on this. – Svisstack May 30 '10 at 22:06
0

The iPhone SDK doesn't allow this. Your application is sandboxed and it is not allowed to go outside of that sandbox except in very specific ways provided by Apple. The only way to do this on an iPhone is to jailbreak it.

Chuck
  • 234,037
  • 30
  • 302
  • 389