Why can a simple daemon get root permissions, apparently violating security model?
I'm writing a C++ based Linux software daemon for a project that I am working on. Rather than use the system call daemon() defined in <unistd.h> "man 3 daemon", as a learning exercise and for more control I decided to do all of the system calls myself. I found several examples, but ultimately decided to follow the sequence of systems calls given in Richard Stevens' famous tome "UNIX Network Programming, Volume 1". Specifically second 13.4 in chapter 13. Stevens' has the following calls listed:
fork(); setsid(); fork(); umask(0); chdir("/"); close(); When I follow this sequence it does appear to successfully create a daemon. To my surprise however the daemon is running as the root user! This is annoying because it is running on an Ubuntu 13.04 server which I don't have sudo on. Code:
larwillm@ubuntu1304$ ps -ef|grep MyDaemon Can someone please explain what is going on here? How was I able to run a process with root permissions even though I'm not root? Is this process truly running as root? Does it have full root permissions? Does this violate the Linux user permissions security model? Could a properly configured SELinux prevent me from doing this? The full code is below, even though I have attempted to comment the reasons behind each step it does not mean I understand them. All of the process group / session / setsid / umask stuff is new to me (hence the learning exercise). Code:
static void daemonize() |
This was just a coincidence. My process was not actually named "MyDaemon", it was actually named "NetworkManager", which I confused with an existing daemon running on the Ubuntu server. My daemon does not appear to get root permissions.
|
All times are GMT -5. The time now is 08:27 PM. |