Root priviledges can be restored after setuid(1000) in musl libc

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












musl libc allows you to change uid to root even after supposedly dropping permissions with setuid(1000). I am not able to reproduce the problem with glibc.



Code:



#define _GNU_SOURCE
#include <unistd.h>
#include <stdio.h>

int main(void)
uid_t r, e, s;

getresuid(&r, &e, &s);
printf("%d %d %dn", r, e, s);

if (setuid(1000) != 0)
puts("setuid(1000) failed");
else
puts("setuid(1000) succeded");

getresuid(&r, &e, &s);
printf("%d %d %dn", r, e, s);

if (setuid(0) != 0)
puts("setuid(0) failed");
else
puts("setuid(0) succeded");

getresuid(&r, &e, &s);
printf("%d %d %dn", r, e, s);

return 0;



which after compiling with gcc -o setuidtest setuidtest.c produces the following output when running as root



0 0 0
setuid(1000) succeded
1000 1000 1000
setuid(0) succeded
0 0 0


I am running Void Linux with kernel version 4.18_1 and musl version 1.1.20_2










share|improve this question

























    up vote
    0
    down vote

    favorite












    musl libc allows you to change uid to root even after supposedly dropping permissions with setuid(1000). I am not able to reproduce the problem with glibc.



    Code:



    #define _GNU_SOURCE
    #include <unistd.h>
    #include <stdio.h>

    int main(void)
    uid_t r, e, s;

    getresuid(&r, &e, &s);
    printf("%d %d %dn", r, e, s);

    if (setuid(1000) != 0)
    puts("setuid(1000) failed");
    else
    puts("setuid(1000) succeded");

    getresuid(&r, &e, &s);
    printf("%d %d %dn", r, e, s);

    if (setuid(0) != 0)
    puts("setuid(0) failed");
    else
    puts("setuid(0) succeded");

    getresuid(&r, &e, &s);
    printf("%d %d %dn", r, e, s);

    return 0;



    which after compiling with gcc -o setuidtest setuidtest.c produces the following output when running as root



    0 0 0
    setuid(1000) succeded
    1000 1000 1000
    setuid(0) succeded
    0 0 0


    I am running Void Linux with kernel version 4.18_1 and musl version 1.1.20_2










    share|improve this question























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      musl libc allows you to change uid to root even after supposedly dropping permissions with setuid(1000). I am not able to reproduce the problem with glibc.



      Code:



      #define _GNU_SOURCE
      #include <unistd.h>
      #include <stdio.h>

      int main(void)
      uid_t r, e, s;

      getresuid(&r, &e, &s);
      printf("%d %d %dn", r, e, s);

      if (setuid(1000) != 0)
      puts("setuid(1000) failed");
      else
      puts("setuid(1000) succeded");

      getresuid(&r, &e, &s);
      printf("%d %d %dn", r, e, s);

      if (setuid(0) != 0)
      puts("setuid(0) failed");
      else
      puts("setuid(0) succeded");

      getresuid(&r, &e, &s);
      printf("%d %d %dn", r, e, s);

      return 0;



      which after compiling with gcc -o setuidtest setuidtest.c produces the following output when running as root



      0 0 0
      setuid(1000) succeded
      1000 1000 1000
      setuid(0) succeded
      0 0 0


      I am running Void Linux with kernel version 4.18_1 and musl version 1.1.20_2










      share|improve this question













      musl libc allows you to change uid to root even after supposedly dropping permissions with setuid(1000). I am not able to reproduce the problem with glibc.



      Code:



      #define _GNU_SOURCE
      #include <unistd.h>
      #include <stdio.h>

      int main(void)
      uid_t r, e, s;

      getresuid(&r, &e, &s);
      printf("%d %d %dn", r, e, s);

      if (setuid(1000) != 0)
      puts("setuid(1000) failed");
      else
      puts("setuid(1000) succeded");

      getresuid(&r, &e, &s);
      printf("%d %d %dn", r, e, s);

      if (setuid(0) != 0)
      puts("setuid(0) failed");
      else
      puts("setuid(0) succeded");

      getresuid(&r, &e, &s);
      printf("%d %d %dn", r, e, s);

      return 0;



      which after compiling with gcc -o setuidtest setuidtest.c produces the following output when running as root



      0 0 0
      setuid(1000) succeded
      1000 1000 1000
      setuid(0) succeded
      0 0 0


      I am running Void Linux with kernel version 4.18_1 and musl version 1.1.20_2







      linux security setuid






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked 17 mins ago









      apilat

      61




      61

























          active

          oldest

          votes











          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f478738%2froot-priviledges-can-be-restored-after-setuid1000-in-musl-libc%23new-answer', 'question_page');

          );

          Post as a guest



































          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f478738%2froot-priviledges-can-be-restored-after-setuid1000-in-musl-libc%23new-answer', 'question_page');

          );

          Post as a guest













































































          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Displaying single band from multi-band raster using QGIS

          How many registers does an x86_64 CPU actually have?