cwrap

The uid_wrapper library

A testing tool to fake privilege separation


Clone with git ยท Report a bug


Some projects, such as a file server, need privilege separation to be able to switch to the user who owns the files and do file operations on their behalf. uid_wrapper convincingly lies to the application, letting it believe it is operating as root and even switching between UIDs and GIDs as needed. You can start any application making it believe it is running as root.

Features

  • Allows uid switching as a normal user.
  • Start any application making it believe it is running as root.
  • Support for user/group changing in the local thread using the syscalls (like glibc).
  • uid_wrapper intercepts seteuid(2) and related calls and simulates them in a way transparent to the application

Detailed descriptions

  • If you load the uid_wrapper and enable it with setting UID_WRAPPER=1 all setuid() and setgid() calls will work, even as a normal user.
  • It is possible to start your application as fake root with setting UID_WRAPPER_ROOT=1.
  • Enable debugging of uid_wrapper itself by setting the UID_WRAPPER_DEBUGLEVEL variable