why i can get root after running system(“/bin/sh”) in c file?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
2
down vote

favorite












I am new to Linux and have a question here about root permission. I am currently logged in as seed and after running test.c, on my Ubuntu system, I get root permission. I am just wondering why system("/bin/sh") can make a such change?



Firstly, I su root and compile test.c in #, and also chmod 4755 test. When I exit #, run file and get root



[04/03/2018 05:27] seed@ubuntu:~/Desktop/assignment$ id
uid=1000(seed) gid=1000(seed) groups=1000(seed),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(lpadmin),124(s 
ambashare),130(wireshark),1001(vboxsf)
[04/03/2018 05:27] seed@ubuntu:~/Desktop/assignment$ cat test.c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

int main()


system("/bin/sh");
printf("successful!");
return 0;



[04/03/2018 05:27] seed@ubuntu:~/Desktop/assignment$ ./test
# whoami
root
# id 
uid=1000(seed) gid=1000(seed) euid=0(root) groups=0(root),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(lpadmin),124(sambashare),130(wireshark),1000(seed),1001(vboxsf)




----update-----



[04/03/2018 06:03] seed@ubuntu:~/Desktop/assignment$ ls -l /bin/sh
lrwxrwxrwx 1 root root 4 Aug 13 2013 /bin/sh -> dash
[04/03/2018 06:04] seed@ubuntu:~/Desktop/assignment$ ls -l test
-rwsr-xr-x 1 root root 7198 Apr 3 05:56 test


[04/03/2018 06:14] seed@ubuntu:~/Desktop/assignment$ uname -a
Linux ubuntu 3.5.0-37-generic #58~precise1-Ubuntu SMP Wed Jul 10 17:51:56 UTC 
2013 i686 i686 i386 GNU/Linux
[04/03/2018 06:14] seed@ubuntu:~/Desktop/assignment$ ./test
# uname -a
Linux ubuntu 3.5.0-37-generic #58~precise1-Ubuntu SMP Wed Jul 10 17:51:56 UTC 2013 i686 i686 i386 GNU/Linux



shell permissions root c




share|improve this question


















  • 2




    Maybe you have set SUID bit on /bin/sh. Please show ls -l /bin/sh.
    – Yurij Goncharuk
    Apr 3 at 13:00






  • 3




    Or maybe you just have SUID on ./test, you should also show us what ls -l test says.
    – Henrik
    Apr 3 at 13:04






  • 3




    This may be because you compiled as root and chmod 4755, so the SUID is set to the owner of the file, in this case is root
    – tachomi
    Apr 3 at 13:07















up vote
2
down vote

favorite












I am new to Linux and have a question here about root permission. I am currently logged in as seed and after running test.c, on my Ubuntu system, I get root permission. I am just wondering why system("/bin/sh") can make a such change?



Firstly, I su root and compile test.c in #, and also chmod 4755 test. When I exit #, run file and get root



[04/03/2018 05:27] seed@ubuntu:~/Desktop/assignment$ id
uid=1000(seed) gid=1000(seed) groups=1000(seed),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(lpadmin),124(s 
ambashare),130(wireshark),1001(vboxsf)
[04/03/2018 05:27] seed@ubuntu:~/Desktop/assignment$ cat test.c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

int main()


system("/bin/sh");
printf("successful!");
return 0;



[04/03/2018 05:27] seed@ubuntu:~/Desktop/assignment$ ./test
# whoami
root
# id 
uid=1000(seed) gid=1000(seed) euid=0(root) groups=0(root),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(lpadmin),124(sambashare),130(wireshark),1000(seed),1001(vboxsf)




----update-----



[04/03/2018 06:03] seed@ubuntu:~/Desktop/assignment$ ls -l /bin/sh
lrwxrwxrwx 1 root root 4 Aug 13 2013 /bin/sh -> dash
[04/03/2018 06:04] seed@ubuntu:~/Desktop/assignment$ ls -l test
-rwsr-xr-x 1 root root 7198 Apr 3 05:56 test


[04/03/2018 06:14] seed@ubuntu:~/Desktop/assignment$ uname -a
Linux ubuntu 3.5.0-37-generic #58~precise1-Ubuntu SMP Wed Jul 10 17:51:56 UTC 
2013 i686 i686 i386 GNU/Linux
[04/03/2018 06:14] seed@ubuntu:~/Desktop/assignment$ ./test
# uname -a
Linux ubuntu 3.5.0-37-generic #58~precise1-Ubuntu SMP Wed Jul 10 17:51:56 UTC 2013 i686 i686 i386 GNU/Linux



shell permissions root c




share|improve this question


















  • 2




    Maybe you have set SUID bit on /bin/sh. Please show ls -l /bin/sh.
    – Yurij Goncharuk
    Apr 3 at 13:00






  • 3




    Or maybe you just have SUID on ./test, you should also show us what ls -l test says.
    – Henrik
    Apr 3 at 13:04






  • 3




    This may be because you compiled as root and chmod 4755, so the SUID is set to the owner of the file, in this case is root
    – tachomi
    Apr 3 at 13:07













up vote
2
down vote

favorite









up vote
2
down vote

favorite











I am new to Linux and have a question here about root permission. I am currently logged in as seed and after running test.c, on my Ubuntu system, I get root permission. I am just wondering why system("/bin/sh") can make a such change?



Firstly, I su root and compile test.c in #, and also chmod 4755 test. When I exit #, run file and get root



[04/03/2018 05:27] seed@ubuntu:~/Desktop/assignment$ id
uid=1000(seed) gid=1000(seed) groups=1000(seed),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(lpadmin),124(s 
ambashare),130(wireshark),1001(vboxsf)
[04/03/2018 05:27] seed@ubuntu:~/Desktop/assignment$ cat test.c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

int main()


system("/bin/sh");
printf("successful!");
return 0;



[04/03/2018 05:27] seed@ubuntu:~/Desktop/assignment$ ./test
# whoami
root
# id 
uid=1000(seed) gid=1000(seed) euid=0(root) groups=0(root),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(lpadmin),124(sambashare),130(wireshark),1000(seed),1001(vboxsf)




----update-----



[04/03/2018 06:03] seed@ubuntu:~/Desktop/assignment$ ls -l /bin/sh
lrwxrwxrwx 1 root root 4 Aug 13 2013 /bin/sh -> dash
[04/03/2018 06:04] seed@ubuntu:~/Desktop/assignment$ ls -l test
-rwsr-xr-x 1 root root 7198 Apr 3 05:56 test


[04/03/2018 06:14] seed@ubuntu:~/Desktop/assignment$ uname -a
Linux ubuntu 3.5.0-37-generic #58~precise1-Ubuntu SMP Wed Jul 10 17:51:56 UTC 
2013 i686 i686 i386 GNU/Linux
[04/03/2018 06:14] seed@ubuntu:~/Desktop/assignment$ ./test
# uname -a
Linux ubuntu 3.5.0-37-generic #58~precise1-Ubuntu SMP Wed Jul 10 17:51:56 UTC 2013 i686 i686 i386 GNU/Linux



shell permissions root c




share|improve this question














I am new to Linux and have a question here about root permission. I am currently logged in as seed and after running test.c, on my Ubuntu system, I get root permission. I am just wondering why system("/bin/sh") can make a such change?



Firstly, I su root and compile test.c in #, and also chmod 4755 test. When I exit #, run file and get root



[04/03/2018 05:27] seed@ubuntu:~/Desktop/assignment$ id
uid=1000(seed) gid=1000(seed) groups=1000(seed),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(lpadmin),124(s 
ambashare),130(wireshark),1001(vboxsf)
[04/03/2018 05:27] seed@ubuntu:~/Desktop/assignment$ cat test.c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

int main()


system("/bin/sh");
printf("successful!");
return 0;



[04/03/2018 05:27] seed@ubuntu:~/Desktop/assignment$ ./test
# whoami
root
# id 
uid=1000(seed) gid=1000(seed) euid=0(root) groups=0(root),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(lpadmin),124(sambashare),130(wireshark),1000(seed),1001(vboxsf)




----update-----



[04/03/2018 06:03] seed@ubuntu:~/Desktop/assignment$ ls -l /bin/sh
lrwxrwxrwx 1 root root 4 Aug 13 2013 /bin/sh -> dash
[04/03/2018 06:04] seed@ubuntu:~/Desktop/assignment$ ls -l test
-rwsr-xr-x 1 root root 7198 Apr 3 05:56 test


[04/03/2018 06:14] seed@ubuntu:~/Desktop/assignment$ uname -a
Linux ubuntu 3.5.0-37-generic #58~precise1-Ubuntu SMP Wed Jul 10 17:51:56 UTC 
2013 i686 i686 i386 GNU/Linux
[04/03/2018 06:14] seed@ubuntu:~/Desktop/assignment$ ./test
# uname -a
Linux ubuntu 3.5.0-37-generic #58~precise1-Ubuntu SMP Wed Jul 10 17:51:56 UTC 2013 i686 i686 i386 GNU/Linux




shell permissions root c





share|improve this question













share|improve this question




share|improve this question








edited Apr 3 at 13:17

























asked Apr 3 at 12:37









hei

142




142







  • 2




    Maybe you have set SUID bit on /bin/sh. Please show ls -l /bin/sh.
    – Yurij Goncharuk
    Apr 3 at 13:00






  • 3




    Or maybe you just have SUID on ./test, you should also show us what ls -l test says.
    – Henrik
    Apr 3 at 13:04






  • 3




    This may be because you compiled as root and chmod 4755, so the SUID is set to the owner of the file, in this case is root
    – tachomi
    Apr 3 at 13:07













  • 2




    Maybe you have set SUID bit on /bin/sh. Please show ls -l /bin/sh.
    – Yurij Goncharuk
    Apr 3 at 13:00






  • 3




    Or maybe you just have SUID on ./test, you should also show us what ls -l test says.
    – Henrik
    Apr 3 at 13:04






  • 3




    This may be because you compiled as root and chmod 4755, so the SUID is set to the owner of the file, in this case is root
    – tachomi
    Apr 3 at 13:07








2




2




Maybe you have set SUID bit on /bin/sh. Please show ls -l /bin/sh.
– Yurij Goncharuk
Apr 3 at 13:00




Maybe you have set SUID bit on /bin/sh. Please show ls -l /bin/sh.
– Yurij Goncharuk
Apr 3 at 13:00




3




3




Or maybe you just have SUID on ./test, you should also show us what ls -l test says.
– Henrik
Apr 3 at 13:04




Or maybe you just have SUID on ./test, you should also show us what ls -l test says.
– Henrik
Apr 3 at 13:04




3




3




This may be because you compiled as root and chmod 4755, so the SUID is set to the owner of the file, in this case is root
– tachomi
Apr 3 at 13:07





This may be because you compiled as root and chmod 4755, so the SUID is set to the owner of the file, in this case is root
– tachomi
Apr 3 at 13:07











1 Answer
1






active

oldest

votes

















up vote
3
down vote













First, you compile your program as root, so resulting binary is owned by root:



[04/03/2018 06:04] seed@ubuntu:~/Desktop/assignment$ ls -l test
-rwsr-xr-x 1 root root 7198 Apr 3 05:56 test
# ^^^^


Second, by running chmod 4755 test you set setuid bit on ./test:



[04/03/2018 06:04] seed@ubuntu:~/Desktop/assignment$ ls -l test
-rwsr-xr-x 1 root root 7198 Apr 3 05:56 test
# ^


That means, your binary is run as its file owner (=root), not as user that started it. That's why /bin/sh spawned by it is also run by root.






share|improve this answer




















  • That's correct. The inquiry in here is why ending the program, the effective user stays as root?
    – tachomi
    Apr 3 at 13:52










  • @tachomi the program hasn't yet ended; it's still running the subshell.
    – roaima
    Apr 3 at 14:31










Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);








 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f435264%2fwhy-i-can-get-root-after-running-system-bin-sh-in-c-file%23new-answer', 'question_page');

);

Post as a guest

















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
3
down vote













First, you compile your program as root, so resulting binary is owned by root:



[04/03/2018 06:04] seed@ubuntu:~/Desktop/assignment$ ls -l test
-rwsr-xr-x 1 root root 7198 Apr 3 05:56 test
# ^^^^


Second, by running chmod 4755 test you set setuid bit on ./test:



[04/03/2018 06:04] seed@ubuntu:~/Desktop/assignment$ ls -l test
-rwsr-xr-x 1 root root 7198 Apr 3 05:56 test
# ^


That means, your binary is run as its file owner (=root), not as user that started it. That's why /bin/sh spawned by it is also run by root.






share|improve this answer




















  • That's correct. The inquiry in here is why ending the program, the effective user stays as root?
    – tachomi
    Apr 3 at 13:52










  • @tachomi the program hasn't yet ended; it's still running the subshell.
    – roaima
    Apr 3 at 14:31














up vote
3
down vote













First, you compile your program as root, so resulting binary is owned by root:



[04/03/2018 06:04] seed@ubuntu:~/Desktop/assignment$ ls -l test
-rwsr-xr-x 1 root root 7198 Apr 3 05:56 test
# ^^^^


Second, by running chmod 4755 test you set setuid bit on ./test:



[04/03/2018 06:04] seed@ubuntu:~/Desktop/assignment$ ls -l test
-rwsr-xr-x 1 root root 7198 Apr 3 05:56 test
# ^


That means, your binary is run as its file owner (=root), not as user that started it. That's why /bin/sh spawned by it is also run by root.






share|improve this answer




















  • That's correct. The inquiry in here is why ending the program, the effective user stays as root?
    – tachomi
    Apr 3 at 13:52










  • @tachomi the program hasn't yet ended; it's still running the subshell.
    – roaima
    Apr 3 at 14:31












up vote
3
down vote










up vote
3
down vote









First, you compile your program as root, so resulting binary is owned by root:



[04/03/2018 06:04] seed@ubuntu:~/Desktop/assignment$ ls -l test
-rwsr-xr-x 1 root root 7198 Apr 3 05:56 test
# ^^^^


Second, by running chmod 4755 test you set setuid bit on ./test:



[04/03/2018 06:04] seed@ubuntu:~/Desktop/assignment$ ls -l test
-rwsr-xr-x 1 root root 7198 Apr 3 05:56 test
# ^


That means, your binary is run as its file owner (=root), not as user that started it. That's why /bin/sh spawned by it is also run by root.






share|improve this answer












First, you compile your program as root, so resulting binary is owned by root:



[04/03/2018 06:04] seed@ubuntu:~/Desktop/assignment$ ls -l test
-rwsr-xr-x 1 root root 7198 Apr 3 05:56 test
# ^^^^


Second, by running chmod 4755 test you set setuid bit on ./test:



[04/03/2018 06:04] seed@ubuntu:~/Desktop/assignment$ ls -l test
-rwsr-xr-x 1 root root 7198 Apr 3 05:56 test
# ^


That means, your binary is run as its file owner (=root), not as user that started it. That's why /bin/sh spawned by it is also run by root.







share|improve this answer












share|improve this answer



share|improve this answer










answered Apr 3 at 13:49









el.pescado

7310




7310











  • That's correct. The inquiry in here is why ending the program, the effective user stays as root?
    – tachomi
    Apr 3 at 13:52










  • @tachomi the program hasn't yet ended; it's still running the subshell.
    – roaima
    Apr 3 at 14:31
















  • That's correct. The inquiry in here is why ending the program, the effective user stays as root?
    – tachomi
    Apr 3 at 13:52










  • @tachomi the program hasn't yet ended; it's still running the subshell.
    – roaima
    Apr 3 at 14:31















That's correct. The inquiry in here is why ending the program, the effective user stays as root?
– tachomi
Apr 3 at 13:52




That's correct. The inquiry in here is why ending the program, the effective user stays as root?
– tachomi
Apr 3 at 13:52












@tachomi the program hasn't yet ended; it's still running the subshell.
– roaima
Apr 3 at 14:31




@tachomi the program hasn't yet ended; it's still running the subshell.
– roaima
Apr 3 at 14:31












 

draft saved


draft discarded


























 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f435264%2fwhy-i-can-get-root-after-running-system-bin-sh-in-c-file%23new-answer', 'question_page');

);

Post as a guest
































































-

Popular posts from this blog

Peggy Mitchell

Image
EastEnders character This article is about the soap opera character. For the British tennis player, see Peggy Michell. For the author, see Margaret Mitchell. Peggy Mitchell Barbara Windsor as Peggy Mitchell (2008) EastEnders character Portrayed by Jo Warne (1991) Barbara Windsor (1994–2016) Duration 1991, 1994–2010, 2013–2016 First appearance Episode 650 30 April 1991  ( 1991-04-30 ) Last appearance Episode 5286 17 May 2016  ( 2016-05-17 ) (appearance) Episode 5287 19 May 2016 (voiceover) Introduced by Michael Ferguson (1991) Barbara Emile (1994) Louise Berridge (2004) Kate Harwood (2005) Lorraine Newman (2013) Dominic Treadwell-Collins (2014) Spin-off appearances The Mitchells - Naked Truths (1998) Classification Former; regular Profile Other names Peggy Butcher Occupation Barmaid Businesswoman Pub landlady Jo Warne as Peggy Mitchell (1991) Family Family Mitchell Father Jack Martin Mother Lily Martin Sisters Aunt ...
Read more

Palaiologos

Image
Palaiologos Παλαιολόγος Palaeologus, Palaeologue Imperial Family Double-headed eagle with the family cypher Country Byzantine Empire, Duchy of Montferrat (remaining lineage after Empire annexed by Ottomans) Founded 11th century  ( 11th century ) Founder Nikephoros Palaiologos (first known) Final ruler Constantine XI Palaiologos (Byzantine Empire) Margaret Paleologa (Montferrat) Titles Byzantine Emperor Marquess of Montferrat Style(s) "Augustus" "Basileus" "Autokrator" Traditions Greek Orthodoxy (predominantly) Roman Catholicism (remaining lineage in Montferrat) Dissolution 1533  ( 1533 ) Cadet branches Claimants: House of Kastrioti (defunct) House of Rurik (defunct) Palaiologan dynasty Chronology Michael VIII 1259–1282 with Andronikos II as co-emperor, 1261–1282 Andronikos II 1282–1328 with Michael IX (1294–1320) and Andronikos III (1321–1328) as co-emperors Andronikos III 1328–1341 John...
Read more

The Forum (Inglewood, California)

Image
The Forum "LA Forum" Prairie Ave. façade of The Forum in 2014 Full name The Forum, presented by Chase Former names The Forum (1967–1988) Great Western Forum (1988–2003) Address 3900 W. Manchester Blvd Location Inglewood, California Coordinates Coordinates: 33°57′29″N 118°20′31″W  /  33.95806°N 118.34194°W  / 33.95806; -118.34194 Public transit     Downtown Inglewood station Owner The Madison Square Garden Company Operator MSG Entertainment Seating type Reserved Capacity 17,500 Half-bowl: 8,000 Construction Broke ground July 1, 1966  ( 1966-07-01 ) Opened December 30, 1967  ( 1967-12-30 ) Renovated 1988, 2012–2014 Construction cost $16 million Renovation: 2014: $76.5 million Architect Charles Luckman Associates (original) Brisbin Brook Beynon (renovation) Structural engineer Johnson & Nielsen Associates (original) Severud Associates (renovation) Genera...
Read more