linux c 获得root权限,Linux下获取root权限的c程序

Linux下获取root权限的c程序

传递euid和egid给脚本，使脚本具有特殊用户的权限

使脚本实现类似于设置了stick位的效果

shell, python, perl等脚本、程序不能取得suid，因为这些脚本程序需要解释器-/bin/bash, /usr/bin/python等来执行，而这些解释器本身没有suid也不方便设置suid。碰到这种情况可以用c写一个外壳，对这个外壳设置suid，而在c程序里面把自身的uid,gid传递给实际执行任务的脚本。(这个方法是在读周鹏(Roc Zhou )写的工具时学到的)

c程序如下:

/* # ScriptName: transeuid.c

# Author: JH Gao

# Create Date: 2012-06-05

# Function: transmit euid and egid to other scripts

# since shell/python/... scripts can't get suid permission in Linux

# usage: transeuid xxx.sh par1 par2 par3

# xxx.sh will get the euid and egid from transeuid

# ******************************************************************** */

#include

#include

#include

#define BUFFSIZE 1024

/*

* usually euid is the uid who run the program

* but when stick is setted to the program

* euid is the uid or the program's owner

*/

int main(int argc, char *argv[]) {

char *cmd = malloc(BUFFSIZE);

// set uid and gid to euid and egid

setuid(geteuid());

setgid(getegid());

cmd = argv[1];

int i = 0;

for(i = 0;i < argc - 1;i++) {

argv[i] = argv[i+1];

}

argv[argc-1] = NULL;

// search $PATH find this cmd and run it with pars:argv

if (execvp(cmd, argv)) {

printf("error");

free(cmd);

exit(1);

}

free(cmd);

}

编译这个程序，在给这个程序设置希望取得的用户，再设置suid，然后就可以用这个用户的权限执行脚本或命令了:

$ gcc -t transeuid transeuid.c

$ sudo chown root transeuid

$ sudo chmod +s transeuid

$ ./transeuid ls /root /home

/home:

. .. data .directory gp_old jh jh_old lost+found

/root:

. .. .bash_history .bashrc .cache .dbus .profile .pulse .pulse-cookie .viminfo