
Setuid on scripts with C wrapper


I just want to use a PHP script with root permission with a C wrapper like this tutorial.

ls -l :

-rwsr-xr-x. 1 root root 6466 Aug 15 03:07 createConfig
-rwxrwxrwx. 1 root root  102 Aug 15 04:23 test.php
-rw-r--r--. 1 root root  822 Aug 14 21:35 index.php

createConfig.c :

#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>

int main(void) {
    system("/usr/bin/php /var/www/html/test.php");
    return 0;
}

test.php :

<?php
mkdir("/root/ourDir");
?>

index.php :

<?php
exec("/var/www/html/createConfig");
?>

But when I run index.php in the browser I get this error:

sh: /var/www/html/createConfig: Permission denied

Thanks


Solution

  • You should put setgid(getegid()); setuid(geteuid()) before calling system().

    As a side-note, the way the file permissions are set up in your example, your "solution" is totally insecure. Any user can change the contents of the .php script to be run by that setuid C program, and then use the C program to execute the changed contents as root.
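
An added example (not code from the question or the answer) of a wrapper that applies the answer's setgid/setuid fix and also refuses to run a script with permissions like the world-writable test.php above. The helper name script_is_trusted is hypothetical; the two paths are the ones from the question.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define PHP_BIN "/usr/bin/php"              /* path from the question */
#define SCRIPT  "/var/www/html/test.php"    /* path from the question */

/* Hypothetical helper: return 1 only if path is a regular file owned by
 * `owner` that neither group nor others can write; 0 otherwise
 * (including when lstat fails). */
int script_is_trusted(const char *path, uid_t owner)
{
    struct stat st;

    if (lstat(path, &st) != 0)
        return 0;
    if (!S_ISREG(st.st_mode))               /* rejects symlinks, dirs, devices */
        return 0;
    if (st.st_uid != owner)
        return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH))   /* -rwxrwxrwx fails here */
        return 0;
    return 1;
}

int main(void)
{
    /* Fixed argv and environment: nothing from the caller reaches PHP. */
    char *const argv[] = { PHP_BIN, SCRIPT, NULL };
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };

    if (!script_is_trusted(SCRIPT, 0)) {
        fprintf(stderr, "refusing to run %s: unsafe owner or mode\n", SCRIPT);
        return 1;
    }
    /* The answer's fix: make the real IDs match the effective ones,
     * group first, and check both calls. */
    if (setgid(getegid()) != 0 || setuid(geteuid()) != 0) {
        perror("setgid/setuid");
        return 1;
    }
    execve(PHP_BIN, argv, envp);            /* no shell, unlike system() */
    perror("execve");
    return 1;
}
```

The check only covers the script file itself; the directory holding it also has to be writable by root alone, otherwise the file can be swapped between the check and the exec.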