8 uid_wrapper - A wrapper to fake privilege separation
13 LD_PRELOAD=libuid_wrapper.so UID_WRAPPER=1 UID_WRAPPER_ROOT=1 *./myapplication*
18 - Allows uid switching as a normal user.
19 - Start any application making it believe it is running as root.
20 - Support for user/group changing in the local thread using the syscalls (like glibc).
21 - More precisely this library intercepts seteuid and related calls, and simulates
22 them in a manner similar to the nss_wrapper and socket_wrapper libraries.
24 Some projects like a file server need privilege separation to be able to switch
25 to the connection user and do file operations. uid_wrapper convincingly lies to
26 the application letting it believe it is operating as root and even switching
27 between UIDs and GIDs as needed.
34 If you load the uid_wrapper and enable it with setting UID_WRAPPER=1 all setuid
35 and setgid will work, even as a normal user.
39 It is possible to start your application as fake root with setting
42 *UID_WRAPPER_DEBUGLEVEL*::
44 If you need to see what is going on in uid_wrapper itself or try to find a
45 bug, you can enable logging support in uid_wrapper if you built it with
55 This environment variable can be used to tell uid_wrapper to let geteuid()
56 return the real (instead of the faked) UID of the user who started the process
59 --------------------------------------
62 setenv("UID_WRAPPER_MYUID", "1", 1);
64 unsetenv("UID_WRAPPER_MYUID");
65 --------------------------------------
67 *UID_WRAPPER_DISABLE_DEEPBIND*::
69 This allows you to disable deep binding in uid_wrapper. This is useful for
70 running valgrind tools or sanitizers like (address, undefined, thread).
75 $ LD_PRELOAD=libuid_wrapper.so UID_WRAPPER=1 UID_WRAPPER_ROOT=1 id
76 uid=0(root) gid=0(root) 0(root)
81 If you need to write code that behaves differently depending on whether
82 uid_wrapper is enabled or not, for example in cases where you have to file
83 permissions, you can predefine the uid_wrapper_enabled() function in your
86 --------------------------------------
87 bool uid_wrapper_enabled(void)
91 --------------------------------------
93 Since uid_wrapper overloads this function if enabled, you can use it in your
94 code to detect uid_wrapper.