> When will these distros accept suid was a mistake and disable it. I have the following C prog...

simoncion • today at 12:22 AM • 2 replies • view on HN

> When will these distros accept suid was a mistake and disable it.

I have the following C program that I use as an unprivileged user to put my system into and out of Game Mode.

1) Do you believe that this program is unsafe when compiled and set suid root?

2) How do you propose that I replace it with something that isn't suid root?

  #include <string.h>
  #include <stdlib.h>
  #include <stdio.h>
  #include <unistd.h>
  
  void maybe_do(const char * cmd) {
    if(system(cmd)) {
      perror(cmd);
      exit(2);
    }
  }
  
  int main(int argc, char** argv) {
    if(argc != 2) {
      return 1;
    }
    int turnOff = strncmp("on", argv[1], 2);
  
    if(setuid(0)) {
      perror("uid");
      return 2;
    }
    if(turnOff) {
      maybe_do("/usr/bin/cpupower frequency-set --governor schedutil > /dev/null");
      maybe_do("/bin/echo auto > /sys/class/drm/card0/device/power_dpm_force_performance_level");
    } else {
      maybe_do("/usr/bin/cpupower frequency-set --governor performance > /dev/null");
      maybe_do("/bin/echo high > /sys/class/drm/card0/device/power_dpm_force_performance_level");
    }
    return 0;
  }

Replies

c-hendricks • today at 2:02 AM

Run the part that needs root as a daemon, some server that accepts http requests

Use sudo and allow anyone to run the binary without password auth

Use the existing gamemode package

Those are a few options, of course it's your system in the end

➕ show 1 reply

charcircuit • today at 3:26 AM

1) I believe the current iteration you have of it is safe.

2) I suggest that a service is created for managing system performance that exposes an API to your user to turn on and off game mode.

➕ show 1 reply

alt Hacker News

Replies