C Privilege Escalation (With Password)

views:

159

answers:

+2 Q:

C Privilege Escalation (With Password)

Hey everyone,

I need to write a C program that will allow me to read/write files that are owned by root. However, I can only run the code under another user. I have the root password, but there are no "sudo" or "su" commands on the system, so I have no way of accessing the root account (there are practically no shell commands whatsoever, actually). I don't know a whole lot about UNIX permissions, so I don't know whether or not it is actually possible to do this without exploiting the system in some way or running a program owned by root itself (with +s or whatever). Any advice?

Thanks!

P.S. No, this isn't anything malicious, this is on an iPhone.

You can do this with setting suid bit to application, but if you want from this c application run a some shell this was be runned on local user if you do it normally this is security system.

However you can read/write/execute files owned by root, but if your user is not in group of file your target file must have setted read/write/execute on last 3 bits or when your user is in file owner group you must check/apply this to 3 bits in middle position. (3 first bits setting permission to owner but this may not by a usable information for you).

If you dont have any access to root account. Then if group and other user permissions dont access functions as you must have, you can't do with this anything except trying get some prilveaged user for access this file. In other cases you can do some fixes in file access permissions but not from this system, you must get hard drive from this device and attach to other to change it or load on this device some live system to change this. However you can do this on privleaged system not on this.

More information about SUID bits you can find at:

http://www.codecoffee.com/tipsforlinux/articles/028.html

http://www.everyjoe.com/newlinuxuser/explain-what-is-setuid-and-setgid/

Svisstack 2010-05-30 21:59:06

Thanks, but as I do not have root privileges, I cannot set the owner as root and set the SUID bit.

AriX 2010-05-30 22:01:36

Then if group and other user permissions dont access functions as you must have, you can't do with this anything except trying get some prilveaged user for access this file. In other cases you can do some fixes in file access permissions but not from this system, you must get hard drive from this device and attach to other to change it or load on this device some live system to change this. However you can do this on privleaged system not on this.

Svisstack 2010-05-30 22:06:54

The iPhone SDK doesn't allow this. Your application is sandboxed and it is not allowed to go outside of that sandbox except in very specific ways provided by Apple. The only way to do this on an iPhone is to jailbreak it.

Chuck 2010-05-30 22:08:12

+1 A:

Under the UNIX permissions system, you need to run a file owned by root itself that's marked setuid-root (+s, as you said) or communicate with some process that is already running as root.

If there is no such file, you are out of luck.

Daniel Stutzbach 2010-05-30 22:22:03

OK. That's what I thought. I guess there is no way to log in as root except through something that already has root privileges to grant them to me.

AriX 2010-05-31 15:22:03

@AriX: Yes, I'm afraid so. From a security perspective, that's a feature. ;-)

Daniel Stutzbach 2010-05-31 16:12:01

ansaurus

tags:

views:

answers:

C Privilege Escalation (With Password)

related questions