setuid and sqlite can't open database

Time: 2016-07-11 20:03:28

Tags: c++ sqlite setuid

I have a fairly simple C++ program that needs to manage a local "cache" in a secure way. My idea was to make the executable setuid-root and store the cache in root's home dir.

I enter setuid mode by calling seteuid(0). I then chroot to root's home dir then try to open the cache. The open fails with sqlite's error: unable to open database file.

    try {
        /*
         * open the SQLite DB.
         */

#ifdef DEBUG
        syslog(LOG_AUTHPRIV | LOG_INFO,
                "%s: am I root: uid=%d: euid=%d", __func__, getuid(), geteuid());
#endif

        std::string rootDir = My::My::getRootDir();

        if (chroot(rootDir.c_str()) != 0) {
            snprintf(error, 1024, "%s: Could not chroot for cache: %s",
                    __func__, strerror(errno));
            syslog(LOG_AUTHPRIV | LOG_INFO, "%s", error);
            throw My::MyException(error);
        }

        /*
         * Create a new cache DB without "other" privs
         */
        umask(0007);

        if ((sqlite3_open(My_Lib::LocalCache::DBCacheFileName.c_str(),
                &sqlite)) != SQLITE_OK) {
            if (sqlite == NULL) {
                snprintf(error, 1024,
                        "%s: Could not open cache, dbh is null", __func__);
            } else {
                snprintf(error, 1024,
                        "%s: Could not open cache, dbh error: %s", __func__, 
                        sqlite3_errmsg(sqlite));
            }
            syslog(LOG_AUTHPRIV | LOG_INFO, "%s", error);
            throw My::MyException(error);
        }

        ...

The DEBUG syslog statement that prints the real and effective uids shows a real uid suitable for a non-root user. The euid is zero. Root's home dir perms are 750.

What am I missing?

0 answers:

No answers
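
Added example, not part of the original question and not the asker's code: after `chroot()` every later path lookup, absolute ones included, starts from the new root, so a pre-flight check can show where the database path will actually resolve and whether SQLite could create the file there. The post does not establish that this is the cause of the error; `hostPathAfterChroot`, `checkDbPathInJail` and `JailCheck` are hypothetical names, and the check assumes the path has no `..` components or symlinks.

```cpp
// Added example, not the asker's code. Runs unprivileged: it only predicts
// where a path will resolve once chroot(jail) and chdir("/") have been done.
#include <cerrno>
#include <cstdio>
#include <fcntl.h>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

enum class JailCheck { Ok, ParentMissing, ParentNotDir, ParentNotWritable };

// Host-side path that dbPath names inside the jail. Absolute and relative
// paths both land under the jail. Assumes no ".." components or symlinks.
std::string hostPathAfterChroot(const std::string& jail, const std::string& dbPath) {
    std::string root = jail;
    while (!root.empty() && root.back() == '/') root.pop_back();
    std::string::size_type i = 0;
    while (i < dbPath.size() && dbPath[i] == '/') ++i;
    return root + "/" + dbPath.substr(i);
}

// SQLite creates the database file, and later its journal, in the parent
// directory, so that directory must exist in the jail and be writable.
JailCheck checkDbPathInJail(const std::string& jail, const std::string& dbPath) {
    const std::string host = hostPathAfterChroot(jail, dbPath);
    std::string parent = host.substr(0, host.find_last_of('/'));
    if (parent.empty()) parent = "/";
    struct stat st;
    if (stat(parent.c_str(), &st) != 0) return JailCheck::ParentMissing;
    if (!S_ISDIR(st.st_mode)) return JailCheck::ParentNotDir;
    // AT_EACCESS: check with the effective uid, as open() will in a setuid
    // program; plain access() would check with the real uid instead.
    if (faccessat(AT_FDCWD, parent.c_str(), W_OK | X_OK, AT_EACCESS) != 0)
        return JailCheck::ParentNotWritable;
    return JailCheck::Ok;
}

int main(int argc, char** argv) {
    if (argc != 3) {
        std::fprintf(stderr, "usage: %s JAIL DBPATH\n", argv[0]);
        return 2;
    }
    std::printf("resolves to: %s\n", hostPathAfterChroot(argv[1], argv[2]).c_str());
    return checkDbPathInJail(argv[1], argv[2]) == JailCheck::Ok ? 0 : 1;
}
```

With a jail of `/root`, a database path of `/root/cache.db` resolves to `/root/root/cache.db` on the host, while `cache.db` or `/cache.db` resolves to `/root/cache.db`.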