Thursday, February 7, 2013

Unix setuid demo

uid.c

#include <stdio.h>

int main() {
printf("real uid: %d\n", getuid());
printf("effective uid: %d\n", geteuid());

}

command:


MacBook-Pro:security w$ gcc -o uid uid.c
MacBook-Pro:security w$ ls -l uid
-rwxr-xr-x  1 w  staff  8784 Feb  7 17:37 uid
MacBook-Pro:security w$ ./uid
real uid: 501
effective uid: 501        still all 501
MacBook-Pro:security w$ sudo chown root ./uid
MacBook-Pro:security w$ ls -l uid
-rwxr-xr-x  1 root  staff  8784 Feb  7 17:37 uid         
MacBook-Pro:security w$ ./uid
real uid: 501
effective uid: 501
MacBook-Pro:security w$ chmod u+s ./uid
chmod: Unable to change file mode on ./uid: Operation not permitted
MacBook-Pro:security w$ sudo chmod u+s ./uid
MacBook-Pro:security w$ ls -l uid
-rwsr-xr-x  1 root  staff  8784 Feb  7 17:37 uid
MacBook-Pro:security w$ ./uid
real uid: 501
effective uid: 0


No comments:

Post a Comment