0

I'm wondering why my version of mount appears to ignore the effective user ID...

I have this C program owned by root with permission u+s:

int main() {
    execl("/bin/mount", "/bin/mount", "/mnt/abc", (char *)0);
}

When a regular user runs it, it complains about not being root. I can work around it like this:

int main() {
    setuid(0);
    execl("/bin/mount", "/bin/mount", "/mnt/abc", (char *)0);
}

I read that bash changes the effective uid to the real uid as a safety feature. (see Calling a script from a setuid root C program - script does not run as root) However, I don't see why mount should do that. Does anyone know?

My mount version is:

mount from util-linux 2.29.2 (libmount 2.29.2: selinux, btrfs, assert, debug)

snoopy
  • 399
  • 1
  • 4
  • 11

1 Answers1

1

This happens because mount is designed to run as suid root. 

$ ls -l /bin/mount
-rwsr-xr-x 1 root root 44200 Mar  6 13:31 /bin/mount
   ^

CDs or floppy drives would typically have the user option set in fstab to allow non-root users to access removable media. mount was made SUID root to support this, and it therefore checks the real UID to determine what you're allowed to do.

that other guy
  • 116,971
  • 11
  • 170
  • 194