Reputation: 28
library (.so) with root privilege
I have a C++ program that uses some C libraries. The program is executed as an "unprivileged" user but one and only one function of a library (.so) loaded by the program need root privileges (it needs to write to /dev/mem).
Do exists a way to have only that function or only that library executed as root, leaving all the rest code "unprivileged"?
Thanks to all, Cristian
Upvotes: 0
Views: 818
Answers (2)
Reputation: 12708
The quick answer is NO. You cannot switch userids on a per-library basis, as the user identity is a per-process property (you should know at least this, if you are trying to dig into the /dev/mem device).
Runtime library loading is a library task (it is done by a shared object called the dynamic loader, ld-linux-x86-64.so.2, in my system) and it is done at runtime, so no privileged access can be granted to it, for security reasons.
Anyway, the setuid property for a program allows you to switch privileges between the effective user (this is the setuid user) and the real user (the user who executes the program) and back, so in the special case of the root account, you can use it to access /dev/mem.
Anyway, apart of the access problem, writing to /dev/mem is very dangerous, as it maps to the physical address space of the machine (so, it's there as physical pages, from different processes and the kernel, with no apparent order). This has to be done with the translation table available, as pages come and go to swap in a very dynamic way. And you are touching kernel memory anyway, so you have to extreme care when writing there. I don't know what do you want to do, but you had better to think twice before writing there (as from your question, you don't know a process' properties well enough, it's most probable you don't know also the virtual to physical translation of pages that is being held in the kernel).
But if you want to crash your system, this is the perfect way to do. Anyway, if that is the target you pursue, then just make the whole program setuid root (if you know what this sentence mean) and go ahead. Or even better, do it as the root user, so you don't need to worry about setuid or the like.
Upvotes: 2
Reputation: 1178
Start the program as root and open /dev/mem as a file. Then change user id to something less intrusive. The file will keep its original permissions.
Upvotes: 0
Related Questions
- Can't link dynamic library when running C language with root privileges?
- Finding <lib>.so when only <lib>.so.n exists, without sudo rights
- Unable to load libsctp.so for non root user
- writing a c++ linux program that should run as root
- Loading a SO Library, What can Linux do for me?
- Execute a program with root during runtime
- About compile with .so in Linux
- library not found running as root
- how to allow, and correctly load, modification of .so file?
- Give up root privilegies?