0

I am trying to write a Linux program that uses the C++ mount function (code below). However, the mount operation requires permissions, and running the program throws the errno 'Operation not permitted' (printed using perror). I tried some SO solutions but none was helpful. The alternative is to use `system("sudo mount..")`, but I prefer the C++ function. Is there a way to use this function with permissions?

IDE: Clion 2020.2.4

Relevant code below:

```cpp
int returnValue = mount(sourcePath, targetPath, "", MS_SHARED, ""); // mounting the device
if (returnValue == 0) {
    // mount completed
    // somecode
} else {
    // mount failed
    std::cout << "mount failed\n";
    perror("");
}
```

Output:

```
mount failed
Operation not permitted
```
Maor Agai
  • 9
  • 1
  • The answer will strongly depend on the environment you will run this in and the control you have over it. Who will run this program and how? Is `targetPath` fixed? Can you use the `user` option in `/etc/fstab` to compensate? – Botje Oct 13 '20 at 20:28
  • 1
    FWIW, `mount` isn't actually a C++ function. Instead, `mount` is a posix function. – NathanOliver Oct 13 '20 at 20:29
  • The program is intended to run on a Linux machine and the user will have root permissions; I just have difficulty with running/debugging it in the CLion environment as root. targetPath is fixed, sourcePath is provided as an argument – Maor Agai Oct 13 '20 at 21:04

4 Answers

2

After you compile the code, change the ownership of the file to the superuser with `chown root filename` and add "set user or group ID on execution" to the mode of the executable file with `chmod u+s filename`.

DYZ
  • 55,249
  • 10
  • 64
  • 93
  • 2
    I've never heard of `iopl`, and all manual entries point to it [being used in some obscure X server implementation](https://lwn.net/Articles/804143/). Can you explain why it is needed in a setuid root binary? – Botje Oct 13 '20 at 20:33
1

Some options I see:

  • Just run the binary as root or under `sudo`;
  • Use `setcap cap_sys_admin+ep` on your binary to grant it the `CAP_SYS_ADMIN` capability;
  • If the set of possible `targetPath`s is fixed, edit `/etc/fstab` to give these paths the `user` flag.
Botje
  • 26,269
  • 3
  • 31
  • 41
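The answers above all come down to whether the process holds `CAP_SYS_ADMIN` when it calls `mount`. As an added example (not part of any answer on this page), the sketch below reads the effective capability mask from `/proc/self/status` and reports whether `mount` can succeed, which helps when a binary behaves differently under `sudo`, `setcap` or an IDE run configuration. The function names are hypothetical, and the capability number 21 is taken from `<linux/capability.h>`.

```cpp
#include <cstdint>
#include <exception>
#include <fstream>
#include <iostream>
#include <sstream>
#include <string>

constexpr int kCapSysAdmin = 21;  // CAP_SYS_ADMIN in <linux/capability.h>

// Extract the effective capability mask from /proc/<pid>/status text.
// Returns false when no well-formed "CapEff:" line is present.
bool parse_cap_eff(const std::string& status, std::uint64_t& mask) {
    std::istringstream in(status);
    std::string line;
    while (std::getline(in, line)) {
        if (line.rfind("CapEff:", 0) != 0) continue;  // not the CapEff line
        try {
            mask = std::stoull(line.substr(7), nullptr, 16);  // hex bitmask
            return true;
        } catch (const std::exception&) {
            return false;  // malformed value
        }
    }
    return false;
}

// True when the status text shows CAP_SYS_ADMIN in the effective set.
bool can_mount(const std::string& status) {
    std::uint64_t mask = 0;
    return parse_cap_eff(status, mask) && ((mask >> kCapSysAdmin) & 1u);
}

int main() {
    std::ifstream f("/proc/self/status");
    std::stringstream buf;
    buf << f.rdbuf();
    if (!can_mount(buf.str())) {
        std::cerr << "CAP_SYS_ADMIN is not in the effective set: "
                     "mount() will fail with EPERM\n";
        return 1;
    }
    std::cout << "CAP_SYS_ADMIN is present: mount() can be attempted\n";
    return 0;
}
```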
0
```cpp
#include <cstdlib>   // std::system, EXIT_SUCCESS, EXIT_FAILURE
#include <fstream>
#include <iostream>
#include <string>

int main(int argc, char *argv[]){
    std::ifstream tmpfile;
    std::string tmpfile_name = ".mytempfile.tmp";
    std::string command = "groups>";
    std::string searchv[] = {"disk", "sudo", "root"};
    int searchc = sizeof(searchv)/sizeof(searchv[0]);
    int search_matches = 0;
    std::string data_buffer;  // std::string, so a long token cannot overflow a fixed-size buffer
    
    // check that a command processor exists, then write the output of "groups" to the temp file
    if(!std::system(NULL)) goto ERROR;
    command += tmpfile_name;
    if(std::system(command.c_str()) != 0) goto ERROR;
    std::cout << "executed external command: \"" << command << "\"" << std::endl;
    
    tmpfile.open(tmpfile_name, std::ios::in);
    if(!tmpfile.is_open()) goto ERROR;
    std::cout << tmpfile_name << " opened" << std::endl;
    // read one whitespace-separated group name at a time and compare it with the keywords
    do{
        tmpfile >> data_buffer;
        if(tmpfile.eof()) break;
        if(tmpfile.fail()) goto ERROR;
        for(int i = 0; i < searchc; i++){
            if(!searchv[i].compare(data_buffer)){
                search_matches++;
                std::cout << "found group " << searchv[i] << std::endl;
            }
        }
    }
    while(tmpfile.good());
    tmpfile.close();
    
    std::cout << "found " << search_matches << " groups" << std::endl;
    return EXIT_SUCCESS;
    
    ERROR:
    std::cerr << "something bad happened" << std::endl;
    return EXIT_FAILURE;
}
```

This answer may be off-topic, sorry for that.

This program calls the external Linux program "groups" and searches for the keywords "disk", "sudo", "root", which indicate user access rights for mounting a disk.

paladin
  • 765
  • 6
  • 13
-1

Accessing an OS function implies complying with that OS's security model. So short answer, no. You can't override security models in your user-run code.

shirleyquirk
  • 1,527
  • 5
  • 21
  • 2
    But you can ask for privilege escalation. Here is an answer for Windows for example: https://stackoverflow.com/questions/26714673/escalate-privilege-at-runtime-windows-api-c-c – Jerry Jeremiah Oct 13 '20 at 20:43
  • 1
    Here is a version for Linux: https://cboard.cprogramming.com/linux-programming/166827-temporarily-gain-root-privileges-perform-open-file.html – Jerry Jeremiah Oct 13 '20 at 20:49
  • @JerryJeremiah you are completely correct, thanks for that – shirleyquirk Oct 13 '20 at 20:50