Menu
Search

Forums

Forum Index

Thread overview
Requesting Superuser
Oct 01, 2007
Jesse Phillips
Oct 01, 2007
BCS
Oct 01, 2007
Jesse Phillips
Oct 01, 2007
BCS
Oct 02, 2007
Regan Heath
Oct 02, 2007
Nathan Reed
Oct 02, 2007
BCS
October 01, 2007
Gravatar of Jesse PhillipsPosted by Jesse PhillipsReply
Jesse Phillips
Gravatar of Jesse Phillips


Reply
As a Linux programmer it can be important to have a program run with superuser privileges. I am trying to figure out the best way to either become a super user by asking for a password, or simply checking if it is run as a superuser.

I have been looking at how to do this in C and found information on suser () which seems to be for FreeBSD. http://www.gsp.com/cgi-bin/man.cgi?section=9&topic=suser

I was also reading some stuff on secure programming which said not to use system() because it invokes the shell, that's fine but is it really a problem? http://www.onlamp.com/pub/a/onlamp/excerpt/PUIS3_chap16/index1.html

Any good links or search queries would be great.

Thanks,
Jesse Phillips
October 01, 2007
Gravatar of BCSPosted by BCS
in reply to Jesse Phillips		Reply
BCS
Gravatar of BCS
Posted in reply to Jesse Phillips


Reply
Jesse Phillips wrote:
> As a Linux programmer it can be important to have a program run with superuser privileges. I am trying to figure out the best way to either become a super user by asking for a password, or simply checking if it is run as a superuser.
> 
> I have been looking at how to do this in C and found information on suser
> () which seems to be for FreeBSD.
> http://www.gsp.com/cgi-bin/man.cgi?section=9&topic=suser
> 
> I was also reading some stuff on secure programming which said not to use system() because it invokes the shell, that's fine but is it really a problem?
> http://www.onlamp.com/pub/a/onlamp/excerpt/PUIS3_chap16/index1.html
> 
> Any good links or search queries would be great.
> 
> Thanks,
> Jesse Phillips


Are you looking for D specific stuff? Under Unix I would expect that superuser related stuff will be the same as under C. As such I expect that this NG wouldn't have any specific expertices in that. You might get lucky and find someone who knowns (these guys have quite a range of knowledge) but here is not the first place I'd look.
October 01, 2007
Gravatar of Jesse PhillipsPosted by Jesse Phillips
in reply to BCS		Reply
Jesse Phillips
Gravatar of Jesse Phillips
Posted in reply to BCS


Reply
On Mon, 01 Oct 2007 15:33:18 -0700, BCS wrote:

> Jesse Phillips wrote:
>> As a Linux programmer it can be important to have a program run with superuser privileges. I am trying to figure out the best way to either become a super user by asking for a password, or simply checking if it is run as a superuser.
>> 
>> I have been looking at how to do this in C and found information on suser () which seems to be for FreeBSD. http://www.gsp.com/cgi-bin/man.cgi?section=9&topic=suser
>> 
>> I was also reading some stuff on secure programming which said not to use system() because it invokes the shell, that's fine but is it really a problem? http://www.onlamp.com/pub/a/onlamp/excerpt/PUIS3_chap16/index1.html
>> 
>> Any good links or search queries would be great.
>> 
>> Thanks,
>> Jesse Phillips
> 
> 
> Are you looking for D specific stuff? Under Unix I would expect that superuser related stuff will be the same as under C. As such I expect that this NG wouldn't have any specific expertices in that. You might get lucky and find someone who knowns (these guys have quite a range of knowledge) but here is not the first place I'd look.

Well, I was hoping for something D specific, but didn't think there would be. Phobos has a std.linux package but the docs don't say anything about what is in it, I guess I could look at the source.
October 01, 2007
Gravatar of BCSPosted by BCS
in reply to Jesse Phillips		Reply
BCS
Gravatar of BCS
Posted in reply to Jesse Phillips


Reply
Jesse Phillips wrote:
> On Mon, 01 Oct 2007 15:33:18 -0700, BCS wrote:
> 
> 
>>Jesse Phillips wrote:
>>
>>>As a Linux programmer it can be important to have a program run with
>>>superuser privileges. I am trying to figure out the best way to either
>>>become a super user by asking for a password, or simply checking if it
>>>is run as a superuser.
>>>
>>>I have been looking at how to do this in C and found information on
>>>suser () which seems to be for FreeBSD.
>>>http://www.gsp.com/cgi-bin/man.cgi?section=9&topic=suser
>>>
>>>I was also reading some stuff on secure programming which said not to
>>>use system() because it invokes the shell, that's fine but is it really
>>>a problem?
>>>http://www.onlamp.com/pub/a/onlamp/excerpt/PUIS3_chap16/index1.html
>>>
>>>Any good links or search queries would be great.
>>>
>>>Thanks,
>>>Jesse Phillips
>>
>>
>>Are you looking for D specific stuff? Under Unix I would expect that
>>superuser related stuff will be the same as under C. As such I expect
>>that this NG wouldn't have any specific expertices in that. You might
>>get lucky and find someone who knowns (these guys have quite a range of
>>knowledge) but here is not the first place I'd look.
> 
> 
> Well, I was hoping for something D specific, but didn't think there would be. Phobos has a std.linux package but the docs don't say anything about what is in it, I guess I could look at the source.

failing anything else, figure out how to do it it C and then declare the needed function declarations. In my experience POSIX stuff is easy to translate.
October 02, 2007
Gravatar of Nathan ReedPosted by Nathan Reed
in reply to Jesse Phillips		Reply
Nathan Reed
Gravatar of Nathan Reed
Posted in reply to Jesse Phillips


Reply
Jesse Phillips wrote:
> As a Linux programmer it can be important to have a program run with superuser privileges. I am trying to figure out the best way to either become a super user by asking for a password, or simply checking if it is run as a superuser.

I'm not a Linux expert, but it's my understanding that there is no way to "become" a superuser.  The program cannot be run as an ordinary user and then elevate itself to superuser status (that would make the whole superuser concept pointless).

Programs like 'sudo' and 'passwd', which always execute as root but can be called by any user, are made by first ensuring that the executable is owned by root and then setting the SUID bit in the permissions bitmask on the executable.  This does not affect how the programs are written at all; it is solely a file-system/OS feature.

Thanks,
Nathan Reed
October 02, 2007
Gravatar of BCSPosted by BCS
in reply to Nathan Reed		Reply
BCS
Gravatar of BCS
Posted in reply to Nathan Reed


Reply
Reply to Nathan,

> Jesse Phillips wrote:
> 
>> As a Linux programmer it can be important to have a program run with
>> superuser privileges. I am trying to figure out the best way to
>> either become a super user by asking for a password, or simply
>> checking if it is run as a superuser.
>> 
> I'm not a Linux expert, but it's my understanding that there is no way
> to "become" a superuser.  The program cannot be run as an ordinary
> user and then elevate itself to superuser status (that would make the
> whole superuser concept pointless).
> 
> Programs like 'sudo' and 'passwd', which always execute as root but
> can be called by any user, are made by first ensuring that the
> executable is owned by root and then setting the SUID bit in the
> permissions bitmask on the executable.  This does not affect how the
> programs are written at all; it is solely a file-system/OS feature.
> 
> Thanks,
> Nathan Reed

almost

A program with the SUID bit can use the setuid system call (and a few related functions) to move around several different UIDs (IIRC there are three, the owner of the file, the original from the process that exec'ed and another that I forget where it comes from). Run a man on setuid and you will get more than you want to wade through. If you are interested I did a term paper on the Linux system calls a while ago and it has a little better description in it.
October 02, 2007
Gravatar of Regan HeathPosted by Regan Heath
in reply to BCS		Reply
Regan Heath
Gravatar of Regan Heath
Posted in reply to BCS


Reply
BCS wrote:
> Jesse Phillips wrote:
>> On Mon, 01 Oct 2007 15:33:18 -0700, BCS wrote:
>>
>>
>>> Jesse Phillips wrote:
>>>
>>>> As a Linux programmer it can be important to have a program run with
>>>> superuser privileges. I am trying to figure out the best way to either
>>>> become a super user by asking for a password, or simply checking if it
>>>> is run as a superuser.
>>>>
>>>> I have been looking at how to do this in C and found information on
>>>> suser () which seems to be for FreeBSD.
>>>> http://www.gsp.com/cgi-bin/man.cgi?section=9&topic=suser
>>>>
>>>> I was also reading some stuff on secure programming which said not to
>>>> use system() because it invokes the shell, that's fine but is it really
>>>> a problem?
>>>> http://www.onlamp.com/pub/a/onlamp/excerpt/PUIS3_chap16/index1.html
>>>>
>>>> Any good links or search queries would be great.
>>>>
>>>> Thanks,
>>>> Jesse Phillips
>>>
>>>
>>> Are you looking for D specific stuff? Under Unix I would expect that
>>> superuser related stuff will be the same as under C. As such I expect
>>> that this NG wouldn't have any specific expertices in that. You might
>>> get lucky and find someone who knowns (these guys have quite a range of
>>> knowledge) but here is not the first place I'd look.
>>
>>
>> Well, I was hoping for something D specific, but didn't think there would be. Phobos has a std.linux package but the docs don't say anything about what is in it, I guess I could look at the source.
> 
> failing anything else, figure out how to do it it C and then declare the needed function declarations. In my experience POSIX stuff is easy to translate.

I believe the POSIX routines are:
http://linux.die.net/man/2/getuid
http://linux.die.net/man/2/setuid

As mentioned by Nathan your exe would need an owner of root and the SUID bit in order to elevate itself to the root user with setuid.

In your case I think you just want getuid to check the uid is 0, or root.  Or perhaps geteuid (I'm not sure if this one is POSIX).

Regan