I've written and compiled a short program to allow any user to change the contents of my /sys/class/backlight/intel_backlight/brightness file, but I fail to escalate their permissions. What could I be missing?
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>   /* setuid(), geteuid() */
#define FILENAME "/sys/class/backlight/intel_backlight/brightness"
int main (int argc, char * argv[])
{
    int res;
    FILE *out;
    setuid(0); /* I didn't intend to keep this, but I included it just in case */
    printf("euid %d\n", geteuid());
    system("whoami");
    if (argc < 2) {
        printf("usage: %s <brightness>\n", argv[0]);
        return 1;
    }
    /* Attempt to open FILENAME; print "Can't open..." on failure */
    out = fopen(FILENAME, "w");
    if (out == NULL) {
        printf("Can't open output file %s\n", FILENAME);
        return 1;
    }
    res = fprintf(out, "%s\n", argv[1]);
    fclose(out);
    return res < 0;
}
Yet, whoami consistently returns exampleuser instead of root, and the program consistently fails to open the output file.
I compile it and set the uid bit then run the program:
$ gcc -o example.bin example.c # compile
$ sudo chown root:root example.bin # set owner & group
$ sudo chmod 4770 example.bin # set uid bit
$ ./example.bin 75 # execute
euid 1000
exampleuser
Can't open output file /sys/class/backlight/intel_backlight/brightness
The target output file does exist:
$ ls -l /sys/class/backlight/intel_backlight/brightness
-rw-r--r-- 1 root root 4096 May 2 07:57 /sys/class/backlight/intel_backlight/brightness
I'm running Ubuntu 14.04 LTS
Best Answer
Either the filesystem doesn't support setuid executables (because it's mounted with the nosuid option, or because it's a FUSE filesystem mounted by a non-root user), or there is a security framework such as SELinux or AppArmor that prevents setuid here (I don't think Ubuntu sets up anything like this though). That, or you didn't actually run these commands — you've made the file non-executable by others, so they'd only work if you were in the root group, which you shouldn't be.

This isn't a good way to do it anyway. It's a lot simpler to change the permissions on the file.

Use a group that you're a member of, if you aren't a member of the users group. Add these commands to /etc/rc.local or some other script that is executed near the end of the boot sequence.