Correct way to run setuid programs in C


Question

I have a process with permissions 4750. Two users exist in my Linux system. The root user and the appz user. The process inherits the permissions of a process manager that runs as "appz" user.

I have two basic routines:

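#include <stdlib.h>     /* exit */
#include <sys/types.h>  /* uid_t */
#include <unistd.h>     /* seteuid, setuid */

/* Not declared in the post; assumed to be saved at startup from
   getuid() (ruid) and geteuid() (euid). */
static uid_t ruid, euid;

/* regain root permissions */
void do_root (void)
{
        int status;
        status = seteuid (euid);
        if (status < 0) {
                exit (status);
        }
}

/* undo root permissions */
void undo_root (void)
{
        int status;
        status = seteuid (ruid);
        if (status < 0) {
                exit (status);
        }
        status = setuid(ruid);
        if (status < 0) {
                exit (status);
        }
}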

My flow is the following:

int main() {
        undo_root();
        do some stuff;
        do_root();
        bind( port 80); //needs root perm
        undo_root();
        while(1) {
                accept commands()
                if ( command needs root user access)
                {
                        do_root();
                        execute();
                        undo_root();
                }
        }
}

As you can see I want to execute some commands as root. I am trying to drop permissions temporarily and if the task needs root access I wrap the command between a do_root and undo_root call.

However it seems that my program is not working.

What is the canonical way to do it?

Recommended answer

The old-school way is to use setreuid() in both do_root and undo_root to swap ruid and euid:

setreuid(geteuid(), getuid());

This is perfectly acceptable if the program is small enough to do a complete security audit.

The new-school way is far more complex and involves fork()ing off a child that accepts directives for what to do as root and then doing setuid(getuid()) to drop root permanently in the parent. The child is responsible for validating all directives it receives. For a large enough program, this drops the amount of code that must be security audited, and allows the user to manage the process with job control or kill it, etc.
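
The fork-based design described in the answer, as an added example that is not code from the post or its author: the child keeps root and answers only allowlisted directives over a socketpair, while the parent calls setuid(getuid()) and confirms that root cannot be regained. OP_BIND, struct req and all function names are hypothetical, and the binary is assumed to be setuid-root.

```c
#include <sys/socket.h>
#include <unistd.h>

enum { OP_BIND = 1 };              /* hypothetical directive code */
struct req { int op; int port; };  /* hypothetical wire format */

/* Helper-side check: honour only an explicit allowlist (here: bind port 80). */
int directive_allowed(const struct req *r) {
    return r->op == OP_BIND && r->port == 80;
}

/* Privileged child: keeps the UIDs it was forked with, serves until EOF. */
static void helper_loop(int fd) {
    struct req r;
    while (read(fd, &r, sizeof r) == (ssize_t)sizeof r) {
        int status = directive_allowed(&r) ? 0 : -1;
        /* a real helper would perform the root-only action here if status == 0 */
        if (write(fd, &status, sizeof status) != (ssize_t)sizeof status) break;
    }
    _exit(0);
}

/* Fork the helper, then drop root for good in the caller; returns channel fd or -1. */
int start_helper_and_drop(void) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) { close(sv[0]); helper_loop(sv[1]); }
    close(sv[1]);
    /* With euid 0, setuid() replaces real, effective and saved UID at once. */
    if (setuid(getuid()) < 0) return -1;
    if (getuid() != 0 && seteuid(0) == 0) return -1;  /* root must be unrecoverable */
    return sv[0];
}

/* Unprivileged side: send one directive, return the helper's verdict. */
int ask_helper(int fd, int op, int port) {
    struct req r = { op, port };
    int status = -1;
    if (write(fd, &r, sizeof r) != (ssize_t)sizeof r) return -1;
    if (read(fd, &status, sizeof status) != (ssize_t)sizeof status) return -1;
    return status;
}

int main(void) {                   /* demo: port 80 granted, port 22 refused */
    int fd = start_helper_and_drop();
    if (fd < 0 || ask_helper(fd, OP_BIND, 80) != 0) return 1;
    return ask_helper(fd, OP_BIND, 22) == -1 ? 0 : 1;
}
```

Only directive_allowed() and helper_loop() ever run with root after startup, which is the audit-surface reduction the answer refers to.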
