LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 10-08-2005, 02:29 PM   #1
freakin'me
Member
 
Registered: Aug 2005
Distribution: Debian Sarge
Posts: 31

Rep: Reputation: 15
Run c++ executable as l inux system user?


Hi,

I want/need to run one of the programs I made using c++ as a system linux user. I still got the source, so recompiling won't be a problem.

anybody who knows how I should do this?

Regards,

Freakin'me
 
Old 10-08-2005, 02:39 PM   #2
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,060

Rep: Reputation: 295Reputation: 295Reputation: 295
Just start the executable as the user you want to run it as; no recompile necessary. Unless the setuid bit is set this will work. You can force an executable to run as a particular user with the setuis bit (chmod u+s /path/to/exe) but you really shouldn't unless you know what you're doing, because it can be a security risk with a poorly written program.
 
Old 10-08-2005, 02:55 PM   #3
freakin'me
Member
 
Registered: Aug 2005
Distribution: Debian Sarge
Posts: 31

Original Poster
Rep: Reputation: 15
The program I'm talking about is used to add linux users (remove and change them as well) restarting apache, and view detailed information about ram use and stuff. For this reason it seems to me that this program should be run with an account that has root privileges (correct me if I'm wong plz). Could you go a little deeper into that chmod? I dont really get it.

By the way, I'll make sure it isn't poorly written, so that won't be a problem.

Regards,

Freakin'me
 
Old 10-08-2005, 03:32 PM   #4
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,060

Rep: Reputation: 295Reputation: 295Reputation: 295
The chmod u+s <executable> command sets the setuid bit on the binary. This means that the program will be run with the privileges of the owner of the file, not the person who executed the command. For example, normal users aren't permitted to edit /etc/passwd or /etc/shadow, but must be able to change their passwords. So the passwd program is owned by root and has the setuid bit turned on so it runs as root regardless of who invokes it. You'll want to do something similar to your program, I imagine.

Be *very* careful to validate user input and don't leave your code susceptable to buffer overflows. There are numerous ways to subvert setuid programs so you really have to be careful.
 
Old 10-08-2005, 03:43 PM   #5
freakin'me
Member
 
Registered: Aug 2005
Distribution: Debian Sarge
Posts: 31

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by btmiller Be *very* careful to validate user input and don't leave your code susceptable to buffer overflows. There are numerous ways to subvert setuid programs so you really have to be careful. [/B]
Maybe this isn't the right spot to ask, however, how can I prevent buffer overflows, and how can I prevent this subverting?
 
Old 10-08-2005, 05:55 PM   #6
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,060

Rep: Reputation: 295Reputation: 295Reputation: 295
Secure programming is a large topic. In terms of buffer overflows, simply don't stuff more data into a memory area than you've designed it to hold. This can be tough because many of the default C string handling functions don't do bounds checking. I really don't know that much about C++, but if you stick with the String data type you should be mostly OK, I think (someone correct me if I'm wrong on here).

Otherwise, validate user input, in particular, make sure that the user can't craft input that makes the program do bad things like create a new user with a uid of 0 (giving it root privs). It's a big topic, so I'd suggest doing some research, but basically code defensively, don't make assumptions, and certainly don't trust user input without validating it!
 
Old 10-08-2005, 05:59 PM   #7
freakin'me
Member
 
Registered: Aug 2005
Distribution: Debian Sarge
Posts: 31

Original Poster
Rep: Reputation: 15
Thanks,

And how about that subverting?
 
Old 10-09-2005, 01:37 PM   #8
Valhalla
Member
 
Registered: Nov 2004
Location: Atlanta
Distribution: Gentoo 2005.1, Ubuntu 5.10
Posts: 267

Rep: Reputation: 30
Basically, you can subvert programs that execute command directly on the system a very simple example would be the system call System() function. Never would anyone write a program like this, but it serves a good example. Say you wrote a short C program that takes a system path as imput and executes system("ls /path/on/box"), say for example, that this program was setuid as root, and the user executed it by giving it the path /home/foo && rm -rf / . Thus, the program would execute a command such as ls /home/foo && rm -rf /. If the program was setuid as root, bad things would happen. Just an example
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to run executable files? Kelley Linux - Newbie 30 02-06-2011 06:47 AM
an executable that does not run jgoggel Programming 2 07-22-2004 07:54 PM
How to run programs using executable name ravykanth Linux - Newbie 1 10-05-2003 11:45 PM
run executable files ZeRo69er Linux - Software 4 08-07-2003 02:26 AM
How do I run my executable?? scott7500 Programming 2 12-30-2001 04:22 PM


All times are GMT -5. The time now is 09:55 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration