Set-User-ID Programs

README.md

Set-User-ID Programs

Advanced Programming in the UNIX® Environment Third Edition

SS 8.13

$ go build tsys.go
$ sudo chmod u+s tsys
$ go build printuids.go       
$ ./tsys ./printuids          
real uid = 501, effective uid = 501

$ sudo chmod u+s tsys         
$ ./tsys ./printuids          
real uid = 501, effective uid = 501

$ ll              
total 7904
-rwxr-xr-x  1 ato  staff  1810400  8  4 21:32 printuids
-rw-r--r--  1 ato  staff      166  8  4 21:20 printuids.go
-rwsr-xr-x  1 ato  staff  2226112  8  4 21:31 tsys
-rw-r--r--  1 ato  staff      276  8  4 21:31 tsys.go
$ sudo chown root tsys        
$ ll              
total 7904
-rwxr-xr-x  1 ato   staff  1810400  8  4 21:32 printuids
-rw-r--r--  1 ato   staff      166  8  4 21:20 printuids.go
-rwsr-xr-x  1 root  staff  2226112  8  4 21:31 tsys
-rw-r--r--  1 ato   staff      276  8  4 21:31 tsys.go
$ ./tsys ./printuids
real uid = 501, effective uid = 0

$ go clean

The superuser permissions that we gave the tsys program are retained across the fork and exec that are done by system.

printuids.go

package main

import (
	"fmt"
	"os"
	"syscall"
)

func main() {
	fmt.Printf("real uid = %d, effective uid = %d\n", syscall.Getuid(), syscall.Geteuid())
	os.Exit(0)
}

tsys.go

package main

import (
	"fmt"
	"log"
	"os"
	"os/exec"
)

func main() {
	if len(os.Args) < 2 {
		log.Fatal("command-line argument required")
	}

	cmd := exec.Command(os.Args[1])
	buf, err := cmd.CombinedOutput()
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(string(buf))
}