Since the suid
bit on executables only changes the effective UID (EUID) the executable will run as, and not the real UID (RUID) which getuid()
returns, and in addition to the restriction on suid
interpreted scripts (any executable beginning with "#!
"), some shells like bash
as an extra safety measure will set the EUID back to the RUID in this case, you will need to use the call setuid(0)
in the C code before executing the script.
See the man
pages of the setuid
, seteuid
, getuid
, and geteuid
to learn the exact semantics of the real and effective UIDs.
(WARNING) Of course, this is an appropriate point to mention that the restriction on suid
scripts in many Unix systems, shells and interpreters, are there for a reason, which is that if the script is not very careful about sanitizing its input and the state of environment when it is executed, they are dangerous and can be exploited for security escalation. So be very careful when doing this. Set the access to your script and wrapper as strict as you can, only allow this very specific script which you intend to be executed, and clear the environment within your C program before starting the script, setting environment variables such as PATH
to contain exactly what is necessary in the right order and no directories that are writable to others.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…