SUMMARY: Calling lpc from a SETUID ROOT program

From: Howard Schultens (
Date: Thu Sep 08 1994 - 00:22:00 CDT

Original query:

>I am writing a simple program with a GUI that will let normal users start
>and stop printers. It is just a wrapper for 'lpc' that runs setuid root.
>When the program starts, it checks that the effective user ID is root
>with geteuid(). That works OK, but when it calls lpc with the 'system'
>command, lpc rejects the call with the message "?Privileged command", i.e.
>lpc isn't being called by root.

I was misled by the S&NA manual, "The operating system uses the effective
user and group IDs to determine access permissions for the process. The
real user and group IDs are used for accounting purposes.", and so forth,
also by how su is "effectively" root (who am i), but still knows my user name.
lpc wants the REAL user ID also set to root, then it works. lpc still
complains, however, by returning an error 2 when it is called like this.

Thanks to: (Brett Lymn): he warned strongly of problems with the
'system()' call in applications like this:

>Never never never never use the system call in a setuid root program.
>The rotten thing is *sooooo* easy to subvert you would not believe.
>Use fork and exec to run your command. (Bill Morrow)
Mike Raffety <>
Widar Karlsen <>
Neil Rickert <> (Luc Colijn)
Peter Allott <> (Dan Dasaro)
"Henry Katz" <>, who suggests using sudo (Joaquim Fernando Soares)
Dan Stromberg - OAC-DCS <> (Glenn Satchell) (Paul O'Donnell)
Gregory Bond <>
William Charles <>

\ ..\ /../ Howard Schultens Tel: ++49 551 39 5914
 \.o.\ /../ Zentrum Physiologie FAX: ++49 551 39 5923
  \o.o> /: / Abteilung Neuro- und
   \o/ / \ Sinnesphysiologie
    Y R .oo \ Humboldtallee 23
     / o o.o \ D-37073 Goettingen
    <_*o*_*.*_> Germany E-Mail:

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:09 CDT