c - setuid() 失败 - 不允许操作

Question

changeIDs() is trying to use setuid() to change the effective user id but it always errors out and I'm not sure why.

我在计算机上有两个用户。用户是 UID 为 1000 的管理员。另一个标准用户用户 2 的 UID 为 1001。

我想使用这个程序将用户 2 的有效 UID 设置为用户 1 的有效 UID (1000)。为什么 setuid() 一直报错？

我确保也在程序可执行文件上运行 chmod u+s，但它仍然失败。

setuid() 错误 - errno:不允许操作

还有，你知道为什么 E 在我的 perror 字符串中被截断了吗？

#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <getopt.h>
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <errno.h>

void getArguments(int argc, char **argv);
void displayIDs();
void changeID(int userid);



int main(int argc, char **argv)
{
    getArguments(argc, argv);

    return 0;
}



/*
 * The program accepts an option of “c” followed by a numeric user id.
 * When executing the program with the c option followed by a user id,
 * the system displays the real, effective, and saved set user id,
 * then attempts to change the effective user id to the numeric user
 * id passed into the application, and then displays the real,
 * effective, and saved set user id. (20 pts)
 */
void changeID(int userid)
{
    printf("Original IDs:\n==================\n");
    displayIDs();

    uid_t newid = (uid_t)userid;

    //pass the id var as references as outlined in the setuid() man pages
    //error check, fail returns -1
    /*
    if(setresuid(&newid, &newid, &newid) == -1)
    {
        perror("Error with setuid() - errno " + errno);
    }
    */


    if(setuid(&newid) == -1)
    {
        perror("Error with setuid() - errno " + errno);
    }


    printf("\n(Attempted) Changed IDs:\n==================\n");
    displayIDs();
}



/*
 * The program accepts an option of “g.”
 * When executing the program with the g option,
 * the system displays the real, effective,
 * and saved set user id. (10 pts)
 */
void displayIDs()
{
    uid_t ruid;//real user id
    uid_t euid;//effective user id
    uid_t suid;//saved set id

    //pass the id vars as references as outlined in the getresuid() man pages
    //error check, fail returns -1
    if ( getresuid(&ruid, &euid, &suid) == -1)
    {
        perror("Error with getresuid() - errno " + errno);
    }

    printf("Real User ID: %d\n", ruid);
    printf("Effective User ID: %d\n", euid);
    printf("Saved Set User ID: %d\n", suid);
}



//get the arguments from the command line and pass it into the program, calling the right function
void getArguments(int argc, char **argv)
{
    int option = 0;

    while ((option = getopt(argc, argv, "gc:")) != -1)
    {

        switch (option)
        {
             case 'g' :
                 displayIDs();
                 break;
             case 'c' :
                 changeID(optarg);
                 break;
             case '?' :
                 printf("Invalid argument\n");
                 break;
             default:
                 printf("Invalid - no argument (g or c)\n");
                 break;
        }
    }
}

Answer 1

rror with setuid() - errno : Operation not permitted

Also, do you know why the E in cut off in my perror strings?

这是因为你传递了perror() "Error with setuid() - errno "+ errno，相当于&"Error with setuid( ) - errno "[errno]，它(因为 errno 等于 1)等于字符串的第二个 char 的地址。
您似乎习惯了带有连接运算符 + 的语言，而 C 中并非如此。