I'm running this code to change the real uid if a process:
#include <cstdlib>
#include <cstdio>
#include <errno.h>
#include <sys/types.h>
#include <unistd.h>
void printstat()
{
printf("uid: %d, euid: %d\n",getuid(),geteuid());
}
int main(int argc, char** argv)
{
if (argc < 2)
{
return -1;
}
int m_targetUid = atoi(argv[1]);
printstat();
uid_t realUID = getuid();
printf("Setting effective uid to %d\n",m_targetUid);
seteuid(m_targetUid);
printstat();
if (m_targetUid != realUID)
{
printf("Setting real uid to %d\n",m_targetUid);
int res = setuid(m_targetUid);
printf("setuid(%d) returned: %d\n",m_targetUid,res);
if (0 > setuid(m_targetUid))
{
printf("setuid(%d) failed: %d, getuid() returned %d, geteuid returned %d\n",m_targetUid,errno,realUID,geteuid());
exit(-1);
}
}
}
according to the man page, the setuid functino shouldn't fail if the effective userid is equal to the specified uid, but for some reason it fails. any ideas?
man page:
The setuid() function sets the real and effective user IDs and the saved set-user-ID of the current process to the specified value. The setuid() function is permitted if the effective user ID is that of the
super user, or if the specified user ID is the same as the effective user ID. If not, but the specified user ID is the same as the real user ID, setuid() will set the effective user ID to the real user ID.
and this is the output when i run it as root:
nnlnb-mm-041: root# /tmp/setuidBug 70
uid: 0, euid: 0
Setting effective uid to 70
uid: 0, euid: 70
Setting real uid to 70
setuid(70) returned: -1
setuid(70) failed: 1, getuid() returned 0, geteuid returned 70
I finally managed to solve it, apparently in macos you have to set the effective uid back to root for it to work. code below.
and the output now is: