
How to avoid changing the effective UID while executing files via ld-linux-x86-64.so.2

Background:

I have an executable program built in C++ called UlimitUnlimiter. Currently, it produces some issues while executing on one of my servers.

    ./UlimitUnlimiter
    UlimitUnlimiter: /usr/lib64/libstdc++.so.6: version `CXXABI_1.3.9' not found (required by UlimitUnlimiter)
    /UlimitUnlimiter: /usr/lib64/libstdc++.so.6: version `GLIBCXX_3.4.21' not found (required by UlimitUnlimiter)

This is a dynamic C++ library issue, and I have another lib path in my package path. Generally, giving an LD_LIBRARY_PATH or running it through /lib64/ld-linux-x86-64.so.2 can solve the problem.

But my case is a little complicated. I set the setuid bit on the executable program.

    chown root:mygroup UlimitUnlimiter
    chmod ugo+rx UlimitUnlimiter
    chmod +s UlimitUnlimiter

And inside the program, it will check if uid != 0 && gid != 0 && euid == 0

For a successful execution, it should be:

    ./UlimitUnlimiter
    [UlimitUnlimiter]: uid=10254388
    [UlimitUnlimiter]: gid=100
    [UlimitUnlimiter]: euid=0
    service running...

But because of chmod +s, running with LD_LIBRARY_PATH will fail, even with export LD_LIBRARY_PATH:

    LD_LIBRARY_PATH=correct_path_to/lib ./UlimitUnlimiter
    UlimitUnlimiter: /usr/lib64/libstdc++.so.6: version `CXXABI_1.3.9' not found (required by UlimitUnlimiter)
    /UlimitUnlimiter: /usr/lib64/libstdc++.so.6: version `GLIBCXX_3.4.21' not found (required by UlimitUnlimiter)

    export LD_LIBRARY_PATH=correct_path_to/lib
    ./UlimitUnlimiter
    UlimitUnlimiter: /usr/lib64/libstdc++.so.6: version `CXXABI_1.3.9' not found (required by UlimitUnlimiter)
    /UlimitUnlimiter: /usr/lib64/libstdc++.so.6: version `GLIBCXX_3.4.21' not found (required by UlimitUnlimiter)

The only way I can set up the lib path is by running it through /lib64/ld-linux-x86-64.so.2; however, that breaks the effective user.

    /lib64/ld-linux-x86-64.so.2 --library-path correct_path_to/lib ./UlimitUnlimiter
    [UlimitUnlimiter]: uid=10254388
    [UlimitUnlimiter]: gid=100
    [UlimitUnlimiter]: euid=10254388
    [UlimitUnlimiter]: ulimitunlimiter must be setuid and run by non-root

So I am wondering, is there a way that I can both set up the dynamic lib and not break the setuid bit at the same time?
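
The two outcomes in the post, as an added diagnostic example (not the poster's code): when the kernel honors the setuid bit it sets AT_SECURE and glibc's loader then ignores LD_LIBRARY_PATH, and when ld-linux-x86-64.so.2 is the file being executed the setuid bit on UlimitUnlimiter is never applied. The enum and function names are hypothetical.

```c
#include <stdio.h>
#include <sys/auxv.h>
#include <sys/types.h>
#include <unistd.h>

/* How the process was started, inferred from its IDs and the AT_SECURE flag. */
enum launch_mode {
    LAUNCH_SETUID_HONORED, /* kernel applied the setuid bit; loader in secure mode */
    LAUNCH_NO_PRIVILEGE,   /* euid == uid: setuid bit not applied (e.g. run via ld.so) */
    LAUNCH_BY_ROOT,        /* real uid or gid is 0, which the post's check rejects */
    LAUNCH_OTHER           /* euid differs from uid but is not root */
};

/* The check quoted in the post: uid != 0 && gid != 0 && euid == 0. */
static int passes_post_check(uid_t uid, gid_t gid, uid_t euid)
{
    return uid != 0 && gid != 0 && euid == 0;
}

static enum launch_mode classify_launch(uid_t uid, gid_t gid, uid_t euid,
                                        unsigned long at_secure)
{
    if (uid == 0 || gid == 0)
        return LAUNCH_BY_ROOT;
    if (euid == uid)
        return LAUNCH_NO_PRIVILEGE;
    if (euid == 0 && at_secure)
        return LAUNCH_SETUID_HONORED;
    return LAUNCH_OTHER;
}

/* glibc's loader ignores LD_LIBRARY_PATH when AT_SECURE is set. */
static int ld_library_path_honored(unsigned long at_secure)
{
    return at_secure == 0;
}

int main(void)
{
    uid_t uid = getuid(), euid = geteuid();
    gid_t gid = getgid();
    unsigned long sec = getauxval(AT_SECURE); /* set by the kernel at exec time */

    printf("uid=%lu gid=%lu euid=%lu AT_SECURE=%lu mode=%d LD_LIBRARY_PATH %s\n",
           (unsigned long)uid, (unsigned long)gid, (unsigned long)euid, sec,
           (int)classify_launch(uid, gid, euid, sec),
           ld_library_path_honored(sec) ? "honored" : "ignored");
    return passes_post_check(uid, gid, euid) ? 0 : 1;
}
```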

