
Workaround when setuid is ignored

June 29, 2023 — BarryK

I posted about 'sudo-sh', a replacement for sudo:

Then about electron-based apps ignoring the setuid bit on executables:

I have implemented a workaround. /usr/bin/sudo-sh.c now has this code at the beginning:

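//the idea is that if sudo-sh setuid has been ignored (ex: electron app)
//then write the params to sudosh_pass file, which will be read by /root/Startup/sudo-sh-ipc
//which will call /usr/bin/sudo-sh as root, with the params.
//needs <fcntl.h>, <stdlib.h>, <string.h>, <unistd.h>
int euid = geteuid();
if (euid != 0) {
  char ipcfile[] = "/tmp/pup_event_ipc/sudosh_pass";
  char outmsg[512] = ""; //must start empty, strcat() appends to it
  int x;
  //argv[0] is name of this prog, ignore that...
  for (x=1; x<argc; x++) {
    //refuse params that would overflow outmsg, do not send a truncated command
    if (strlen(outmsg) + strlen(argv[x]) + 2 > sizeof(outmsg)) return 1;
    strcat(outmsg,argv[x]);
    strcat(outmsg," ");
  }
  int ipcdescr = open(ipcfile, O_WRONLY|O_APPEND); //|O_CREAT
  if (ipcdescr >= 0) { //0 is a valid descriptor, only -1 means failure
    int wr = write(ipcdescr,outmsg,strlen(outmsg));
    close(ipcdescr);
    //wait for ack from /root/Startup/sudo-sh-ipc...
    system("inotifywait -q -q -t 2 -e modify /tmp/pup_event_ipc/sudosh_ack");
  }
}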

There is a daemon, /root/Startup/sudo-sh-ipc, that will execute the required setuid binary as the root user. Commit:

Can't say that I'm happy with this. The workaround is a hack and has some limitations.  
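The client joins its parameters with single spaces before they cross to the root side, so a parameter that itself contains whitespace no longer has a recoverable boundary, and a long command line can exceed the 512-byte buffer. The following is an added example, not code from sudo-sh.c: `build_ipc_msg` is a hypothetical helper, and it assumes the daemon splits the message on whitespace. It refuses such requests instead of passing them on.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not part of sudo-sh.c: join argv[1..] in the
 * "param param " layout. Returns the message length, or -1 when the
 * request must be refused instead of being handed to the root side. */
int build_ipc_msg(int argc, char *const argv[], char *out, size_t outlen)
{
    size_t used = 0;

    if (argc < 2 || outlen == 0)
        return -1;                       /* nothing to send */
    out[0] = '\0';
    for (int i = 1; i < argc; i++) {
        const char *a = argv[i];
        size_t n = strlen(a);

        if (n == 0)
            return -1;                   /* empty param would vanish */
        /* Whitespace or control bytes inside a param would move the
         * argument boundaries when the message is split again. */
        for (size_t k = 0; k < n; k++) {
            unsigned char c = (unsigned char)a[k];
            if (c <= ' ' || c == 0x7f)
                return -1;
        }
        /* Refuse rather than truncate: param + separator + NUL. */
        if (n + 2 > outlen - used)
            return -1;
        memcpy(out + used, a, n);
        used += n;
        out[used++] = ' ';
        out[used] = '\0';
    }
    return (int)used;
}

int main(int argc, char *argv[])
{
    char outmsg[512];                    /* same size as on the page */
    int len = build_ipc_msg(argc, argv, outmsg, sizeof(outmsg));

    if (len < 0) {
        fprintf(stderr, "refused: parameters cannot be passed safely\n");
        return 1;
    }
    printf("%d bytes: \"%s\"\n", len, outmsg);
    return 0;
}
```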

Tags: easy