setuid()失败-不允许操作 [英] setuid() failing - operation not permitted

问题描述

changeIDs()试图使用setuid()更改有效的用户ID 但总是出错，我不确定为什么.

changeIDs() is trying to use setuid() to change the effective user id but it always errors out and I'm not sure why.

我在计算机上有两个用户.用户是UID为1000的管理员.另一个标准用户(用户2)的UID为1001.

I have two users on computer. user is an admin with UID of 1000. The other standard user, user 2, has a UID of 1001.

我想使用此程序将user2的有效UID设置为user1的有效UID(1000).为什么setuid()不断出错?

I want to use this program to set user2's effective UID to that of user1 (1000). Why does setuid() keep erroring?

我确保也可以在程序可执行文件上运行chmod u + s，但仍然失败.

I made sure to run chmod u+s on the program executable as well and it still fails.

带有setuid()的错误-errno:不允许操作

另外，您知道为什么我的短弦中的E in会中断吗?

#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <getopt.h>
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <errno.h>

void getArguments(int argc, char **argv);
void displayIDs();
void changeID(int userid);



int main(int argc, char **argv)
{
    getArguments(argc, argv);

    return 0;
}



/*
 * The program accepts an option of "c" followed by a numeric user id.
 * When executing the program with the c option followed by a user id,
 * the system displays the real, effective, and saved set user id,
 * then attempts to change the effective user id to the numeric user
 * id passed into the application, and then displays the real,
 * effective, and saved set user id. (20 pts)
 */
void changeID(int userid)
{
    printf("Original IDs:\n==================\n");
    displayIDs();

    uid_t newid = (uid_t)userid;

    //pass the id var as references as outlined in the setuid() man pages
    //error check, fail returns -1
    /*
    if(setresuid(&newid, &newid, &newid) == -1)
    {
        perror("Error with setuid() - errno " + errno);
    }
    */


    if(setuid(&newid) == -1)
    {
        perror("Error with setuid() - errno " + errno);
    }


    printf("\n(Attempted) Changed IDs:\n==================\n");
    displayIDs();
}



/*
 * The program accepts an option of "g."
 * When executing the program with the g option,
 * the system displays the real, effective,
 * and saved set user id. (10 pts)
 */
void displayIDs()
{
    uid_t ruid;//real user id
    uid_t euid;//effective user id
    uid_t suid;//saved set id

    //pass the id vars as references as outlined in the getresuid() man pages
    //error check, fail returns -1
    if ( getresuid(&ruid, &euid, &suid) == -1)
    {
        perror("Error with getresuid() - errno " + errno);
    }

    printf("Real User ID: %d\n", ruid);
    printf("Effective User ID: %d\n", euid);
    printf("Saved Set User ID: %d\n", suid);
}



//get the arguments from the command line and pass it into the program, calling the right function
void getArguments(int argc, char **argv)
{
    int option = 0;

    while ((option = getopt(argc, argv, "gc:")) != -1)
    {

        switch (option)
        {
             case 'g' :
                 displayIDs();
                 break;
             case 'c' :
                 changeID(optarg);
                 break;
             case '?' :
                 printf("Invalid argument\n");
                 break;
             default:
                 printf("Invalid - no argument (g or c)\n");
                 break;
        }
    }
}

推荐答案

带有setuid()的错误-errno:不允许操作

另外，您知道为什么我的短弦中的E in会中断吗?

这是因为您传递了perror() "Error with setuid() - errno " + errno，它等效于&"Error with setuid() - errno "[errno]，该值(由于errno等于1)等于字符串的第二个char的地址.
您似乎习惯了使用串联运算符+的语言，而在C语言中则不是这种情况.

This is because you pass perror() "Error with setuid() - errno " + errno, which is equivalent to &"Error with setuid() - errno "[errno], which is (since errno equals 1) equal to the address of the second char of the string.
You seem to be used to a language with a concatenation operator +, which is not the case in C.

这篇关于setuid()失败-不允许操作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！