Calling a script from a setuid root C program - script does not run as root


Question

I need to run a bash script as root (passwordless sudo or su not viable) and since you cannot setuid a script in Linux, I thought about calling it from an executable and making it setuid:

$ cat wrapper.c
int main(void)
{
        system("/bin/bash ./should_run_as_root.sh");
}
$ gcc -o wrapper wrapper.c
$ sudo chown root wrapper
$ sudo chmod ug+s wrapper
$ ll wrapper
-rwsr-sr-x 1 root users 6667 2009-02-17 11:11 wrapper
$

This works - as in runs the script correctly - but the script runs as the user who executes "./wrapper".

Why? And how to correctly implement this?

Thanks!

Recommended answer

Since the suid bit on executables only changes the effective UID (EUID) the executable will run as, and not the real UID (RUID) which getuid() returns, and in addition to the restriction on suid interpreted scripts (any executable beginning with "#!"), some shells like bash as an extra safety measure will set the EUID back to the RUID in this case, you will need to use the call setuid(0) in the C code before executing the script.

See the man pages of the setuid, seteuid, getuid, and geteuid to learn the exact semantics of the real and effective UIDs.

(WARNING) Of course, this is an appropriate point to mention that the restrictions on suid scripts in many Unix systems, shells and interpreters are there for a reason, which is that if the script is not very careful about sanitizing its input and the state of the environment when it is executed, they are dangerous and can be exploited for security escalation. So be very careful when doing this. Set the access to your script and wrapper as strict as you can, only allow this very specific script which you intend to be executed, and clear the environment within your C program before starting the script, setting environment variables such as PATH to contain exactly what is necessary in the right order and no directories that are writable to others.
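
A wrapper that follows the advice in the answer above, as an added example that is not part of the original question or answer. The absolute script path and the PATH value are assumptions chosen for illustration; the helper names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumption: the script sits at a fixed absolute path that is owned by
 * root and not writable by anyone else (placeholder path). */
#define SCRIPT_PATH "/usr/local/sbin/should_run_as_root.sh"
#define SAFE_PATH   "/usr/sbin:/usr/bin:/sbin:/bin"

extern char **environ;

/* Discard every inherited variable (PATH, IFS, BASH_ENV, LD_PRELOAD, ...)
 * and install one fixed PATH. Returns 0 on success, -1 on failure. */
int reset_environment(void)
{
    static char *empty_env[] = { NULL };
    environ = empty_env;
    return setenv("PATH", SAFE_PATH, 1);
}

/* The suid bit only sets the effective UID. setuid(0) called with EUID 0
 * also sets the real and saved UIDs, so bash no longer sees EUID != RUID.
 * Returns 0 only if the process is now root in both real and effective UID. */
int become_root(void)
{
    if (setuid(0) != 0)
        return -1;
    return (getuid() == 0 && geteuid() == 0) ? 0 : -1;
}

int main(void)
{
    char *const argv[] = { "bash", SCRIPT_PATH, NULL };

    if (reset_environment() != 0 || become_root() != 0) {
        fprintf(stderr, "wrapper: refusing to run the script\n");
        return 1;
    }
    /* execv instead of system(): no "sh -c" parsing, no caller-supplied
     * arguments, and the script is named by absolute path, not "./". */
    execv("/bin/bash", argv);
    perror("execv");
    return 1;
}
```

The environment is reset before the exec because, once the real UID is 0, the child shell treats the process as an ordinary root process and honours whatever variables it inherits.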
