View source for Setuid wrapper
Jump to:
navigation
,
search
Occasionally, or, OK, sometimes frequently, it's necessary to reliably setuid a script when this is otherwise prohibited. When that happens, write a wrapper. Note that the security issues surrounding this are NOT discussed here. This article assumes you are not a n00b, and that you understand fully the security issues and implications. This article also assumes you already know about suid, creating C executables, and so on. It's best NOT to make this a general purpose tool so as to not create yet another way for the NSA (or other unauthorized entity) to get into your computer and become root... that's just one example of the errors in judgment that can be made with this info. Kids, don't try this at home. 1. Create your script. 2. Write the wrapper: <pre> #include <stdio.h> #include <stdlib.h> #include <sys/types.h> #include <unistd.h> int main() { setuid( 0 ); system( "/path/to/myscript.sh" ); return 0; } </pre> 3. Compile <pre> gcc runscript.c -o mywrapper </pre> 4. setuid the executable <pre> sudo -i chown root.root mywrapper chmod 4755 mywrapper </pre> 5. Voila! Victory dance.
Return to
Setuid wrapper
.
Navigation menu
Personal tools
Log in
Namespaces
Page
Discussion
Variants
Views
Read
View source
View history
Actions
Search
Navigation
Main page
Community portal
Current events
Recent changes
Random page
Help
Toolbox
What links here
Related changes
Special pages
Page information