I toyed with the idea of developing a small app, which might require root privilege. It wouldn't be a problem if I only did this for myself and echoed my root password to devel-su. Since this is not really practical if I shared the application on Warehouse, I'm in search of a better solution.
Schturman has a number of applications that simply start others as root (see https://openrepos.net/user/365/programs?page=0%2C0 ). I don't know where the source code is, but it suggests to me that there's a generic way to package it.
I must be honest, I'm fairly inexperienced in this, so please forgive me if my questions appear trivial to you: Basically that would be the same as using chmod from the command line, wouldn't it?
Would this privilege elevation be that simple for every program on Warehouse?
Since not the whole app would use it, just some parts of it, could I get elevated privileges just for the critical parts and run the other code as normal user?
Edit: Regarding your edit: WOW! Thank you, that helped a lot! So for the critical code, I'd use this in the beginning. Dropping privileges would be setuid(1)?
Basically you shouldn't setuid at runtime. You make some kind of helper binary which only does the operations that require root privileges.
And sure, 4755 in the spec file is the same as chmod.
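A minimal shape for the helper binary described in the reply above, as an added example that is not code from this thread: it validates its single argument, performs one privileged step, then gives up root permanently before doing anything else. The directory `/run/exampleapp`, the name rule and all function names are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L      /* for O_NOFOLLOW and O_CLOEXEC */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define STATE_DIR "/run/exampleapp"  /* hypothetical root-owned directory */

/* Only short names from [a-z0-9_-]: no '/', no "..", nothing path-like. */
int valid_name(const char *s)
{
    size_t n = s ? strlen(s) : 0;
    return n > 0 && n <= 32 &&
           strspn(s, "abcdefghijklmnopqrstuvwxyz0123456789_-") == n;
}

/* The one privileged step: open a file inside STATE_DIR, refusing symlinks. */
int open_privileged(const char *name)
{
    char path[sizeof(STATE_DIR) + 34];
    if (!valid_name(name))
        return -1;
    snprintf(path, sizeof path, "%s/%s", STATE_DIR, name);
    return open(path, O_WRONLY | O_NOFOLLOW | O_CLOEXEC);
}

/* Give up root for good: group first, then user, then verify. */
int drop_privileges(void)
{
    uid_t ruid = getuid();           /* the invoking user, not root */
    gid_t rgid = getgid();
    if (setgid(rgid) != 0 || setuid(ruid) != 0 ||
        geteuid() != ruid || getegid() != rgid)
        return -1;
    /* A non-root caller must not be able to get root back. */
    return (ruid != 0 && setuid(0) == 0) ? -1 : 0;
}

int main(int argc, char **argv)
{
    int fd = (argc == 2) ? open_privileged(argv[1]) : -1;
    if (drop_privileges() != 0)      /* always drop, even if the open failed */
        return 1;
    if (fd < 0)
        return 2;
    /* From here on the process is the invoking user holding one open fd. */
    return write(fd, "1\n", 2) == 2 ? 0 : 3;
}
```

The unprivileged application runs this helper as a separate process, so only these few lines ever execute with root's effective uid.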