I have a tool which downloads photos from a digital camera which appears as a removable USB device. It includes the following code:
my $u = $<; setuid(0) || die "Cannot change UID from $u to 0"; system(split(' ','/sbin/modprobe usb-storage')); setuid($u) || die "Cannot drop privileges"; system(split(' ','/sbin/mount /mnt/usb/flash')); [do some file manipulation in here] chdir ('/'); system(split(' ','/sbin/umount /mnt/usb/flash')); sleep (2); # this is pure raging paranoia setuid(0) || die "Cannot change UID from $u to 0"; system(split(' ','/sbin/modprobe -r usb-storage')); setuid($u) || die "Cannot drop privileges";
The tool is mode 6775 root:console. Invariably, the first setuid(0) succeeds, as does the first setuid($u). Also invariably, the second setuid(0) fails, as in the following example:
babylon5:alaric:~:17 $ getpics Will copy images from camera canon /mnt/usb/flash/dcim is mounted /mnt/usb/flash/dcim/104canon/img_0458.jpg -> /minbar/camera/canon/img_ +0458.jpg /mnt/usb/flash/dcim/104canon/img_0459.jpg -> /minbar/camera/canon/img_ +0459.jpg /mnt/usb/flash/dcim/104canon/img_0460.jpg -> /minbar/camera/canon/img_ +0460.jpg Cannot become root from UID 1000! at /usr/local/bin/getpics line 133. babylon5:alaric:~:18 $
Can anyone offer any explanation of why this might happen?
In reply to An odd failure of setuid(0) by Llew_Llaw_Gyffes
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |