如何让程序临时获得root权限代码

使用getuid()/setuid()函数，让程序临时获得root权限代码:

/* 
 * gcc -g -o test-uid test-uid.c
 * chown root.root ./test-uid
 * chmod 4755 ./test-uid
 * ls -al /var
 * */
#include<stdio.h>
#include<unistd.h>
#include<sys/types.h>
int
main(int argc, char **argv)
{
  // save user uid
  uid_t uid = getuid();
  // get root authorities
  if(setuid(0)) {
        printf("test-uid: setuid error");
        return -1;
  }
  printf("test-uid: run as root, setuid is 0\n");
  system ("touch /var/testroot");

  // rollback user authorities
  if(setuid(uid)) {
        printf("test-uid: setuid error");
        return -1;
  }
  printf("test-uid: run as user, setuid is %d\n", uid);
  system ("touch /var/testuser");

  return 0;
}

 

编译后，使用socol用户，执行test-uid程序获取临时root权限在/var目录下建立testroot 文件:

[socol@localhost test]$ gcc -g -o test-uid test-uid.c

[socol@localhost test]$ ll

-rwx r-xr-x. 1 socol socol 6662 Nov  8 11:45 test-uid

[socol@localhost test]$ sudo chown root.root ./test-uid
[socol@localhost test]$ sudo chmod 4755 ./test-uid

[socol@localhost test]$ ll

-rws r-xr-x. 1 root root 6662 Nov  8 11:51 test-uid

[socol@localhost test]$ ls -al /var

total 92
drwxr-xr-x. 22 root root 4096 Aug  9 12:38 .
dr-xr-xr-x. 24 root root 4096 Nov  8 10:39 ..
drwxr-xr-x.  2 root root 4096 Aug  9 12:22 account
drwxr-xr-x. 17 root root 4096 Aug 11 14:41 cache
drwxr-xr-x.  2 root root 4096 Oct 16  2009 cvs
drwxr-xr-x.  3 root root 4096 Aug  9 12:22 db
drwxr-xr-x.  3 root root 4096 Aug  9 12:31 empty

... ...

[socol@localhost test]$ ./test-uid

[socol@localhost test]$ ls -al /var
total 92
drwxr-xr-x. 22 root root 4096 Nov  8 11:51 .
dr-xr-xr-x. 24 root root 4096 Nov  8 10:39 ..
drwxr-xr-x.  2 root root 4096 Aug  9 12:22 account
drwxr-xr-x. 38 root root 4096 Nov  8 11:45 run
drwxr-xr-x. 14 root root 4096 Aug  9 12:37 spool
-rw-rw-r--.  1 root socol    0 Nov  8 11:51 testroot
drwxrwxrwt.  4 root root 4096 Nov  8 11:29 tmp
... ...