
Don't tell me this is a duplicate because I have already read questions like how to execute a command as root but I just can't make it work for me.

This is my C program whoami.c:

```c
#include <stdio.h>
#include <stdlib.h>

int main() {
    system("whoami");
}
```

And this is exactly what I did:

```
user@ubuntu:~/Desktop/test$ ls
whoami.c
user@ubuntu:~/Desktop/test$ gcc whoami.c 
user@ubuntu:~/Desktop/test$ sudo chown root:root a.out 
[sudo] password for user: 
user@ubuntu:~/Desktop/test$ sudo chmod 4711 a.out 
user@ubuntu:~/Desktop/test$ ls -l
total 24
-rws--x--x 1 root    root    16816 Nov 13 13:03 a.out
-rw-rw-r-- 1 user    user    75    Nov 13 13:03 whoami.c
user@ubuntu:~/Desktop/test$ ./a.out 
user
user@ubuntu:~/Desktop/test$ sudo ./a.out 
root
user@ubuntu:~/Desktop/test$
```

I thought that the `s` in the execution bit means that no matter who starts this program, it will always run as root, so my question is: why is this not working?

And if doing this is not possible, how can I let any user run a specific program as root?

Tommimon
  • Read this: [**Unix / Linux: Difference between Real User ID, Effective User ID and Saved User ID**](https://stackoverflow.com/questions/32455684/unix-linux-difference-between-real-user-id-effective-user-id-and-saved-user) And then read the `whoami` man page... – Andrew Henle Nov 13 '20 at 12:26
  • Also check that your volume is not mounted with `-nosuid`. – n. m. could be an AI Nov 13 '20 at 12:32
  • Just to be clear, `whoami` is just an example; I can't read root-protected files using this same method either, but I can do it by adding `sudo`, of course, which is the normal behavior. SUID seems to be completely useless. – Tommimon Nov 13 '20 at 12:33
  • @Tommimon *SUID seems to be completely useless.* And just how do you think `sudo` works? – Andrew Henle Nov 13 '20 at 12:39
  • I'm doing it right now, I was just saying don't focus on `whoami` because it is an example – Tommimon Nov 13 '20 at 12:43
  • So using SUID I'm changing the effective ID, right? And to read a file, which one matters, real or effective? – Tommimon Nov 13 '20 at 12:56
  • @n. 'pronouns' m. how can I check that? – Tommimon Nov 13 '20 at 14:10
  • No, it's the other way around. You are changing real and you need effective. To change effective uid, call `setuid()` (see `man 2 setuid`). You can only do that if real uid is root. – n. m. could be an AI Nov 13 '20 at 15:46

1 Answer

This worked for me: add `setuid(geteuid());` before running the command.

To use `setuid()` and `geteuid()` you need to import `unistd.h`.

Working program:

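```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(void) {
    /* Make the real UID match the effective UID granted by the SUID bit. */
    if (setuid(geteuid()) != 0) {
        perror("setuid");
        return 1;
    }
    system("whoami");
    return 0;
}
```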

If you set up SUID with the same commands as in the question, you always get root as output, no matter which user runs this program.

Instead of `whoami` you can use any other command, even if it requires root privileges.

I saw this setup in a YouTube video.

Tommimon
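An added example, not part of the original question or answer: `system()` hands the command to `/bin/sh`, which can drop SUID privileges when real and effective UID differ and which inherits the caller's `PATH` and other environment variables, so this variant reports both UIDs and runs one fixed absolute-path program with `execve()` and a fixed environment. The function names and the `/usr/bin/whoami` location are assumptions.

```c
/* Added example (not the answerer's code): SUID wrapper without system(). */
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 when the SUID bit took effect, i.e. real and effective UID differ. */
int suid_in_effect(void) {
    return getuid() != geteuid();
}

/* Run one fixed program as the effective user, with no shell in between.
 * Returns the child's exit status, or -1 on failure. */
int run_as_effective_user(const char *path, char *const argv[]) {
    /* Constructed minimal environment: the caller's PATH, LD_*, IFS are dropped. */
    char *const clean_env[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* With euid 0 this sets the real, effective and saved UID;
         * an unchecked failure would leave the child with mixed IDs. */
        if (setuid(geteuid()) != 0)
            _exit(126);
        execve(path, argv, clean_env);
        _exit(127); /* execve only returns on error */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    /* Assumed location of whoami; adjust to the target system. */
    char *const argv[] = { "whoami", NULL };

    printf("real uid=%ld effective uid=%ld suid in effect=%d\n",
           (long)getuid(), (long)geteuid(), suid_in_effect());
    fflush(stdout); /* flush before the child writes to the same stdout */
    return run_as_effective_user("/usr/bin/whoami", argv) == 0 ? 0 : 1;
}
```

Built and installed with the same `chown root:root` and `chmod 4711` steps as in the question, the first line shows differing real and effective UIDs for an ordinary user, and the child runs with both set to the file owner.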