How to use QCoreApplication to set root permission to my app



  • Hello,

    I want to run my GUI app as root in order to be able to do commands such as iwconfig. I manually set my GUI app to run as root, but whenever Qt runs my app, it aborts since it detected my app to be running setuid. Now I found this http://doc-snapshot.qt-project.org/qt5-5.4/qcoreapplication.html#setSetuidAllowed and from my understanding, this member of class QClassApplication sets whether the app will be allowed to run setuid or not. I want to use this, but have no idea how to integrate it. I added this to my mainwindow.h:

    @#include<QCoreApplication>
    ...
    private:
    Ui::MainWindow *ui;
    QCoreApplication setSUID;
    };
    @

    I also added this to my mainwindow.cpp
    @
    #include "mainwindow.h"
    #include "ui_mainwindow.h"

    MainWindow::MainWindow(QWidget *parent) :
    QMainWindow(parent),
    ui(new Ui::MainWindow)
    {
    ...
    ui->setupUi(this);
    setSUID.setSetuidAllowed(true);

    };
    @

    But building this causes a particular error to appear: /mainwindow.cpp:6: error: no matching function for call to 'QCoreApplication::QCoreApplication()'. What am I doing wrong?

    Thanks


  • Moderators

    QCoreApplication is a singleton class in Qt. You cannot instantiate it again. And, by the way, setSetuidAllowed() is a static function, so you do not need an object.

    Here are the solutions:
    @
    qApp->setSetuidAllowed(true);

    // or
    QCoreApplication::instance()->setSetuidAllowed(true);

    // or, in your main function:
    main () {
    QApplication app();
    app.setSetuidAllowed(true);

    MainWindow mw;
    mw.show();

    return app.exec();
    }
    @

    I would recommend to run this function as soon as possible (main function is the right place, the MainWindow constructor might be a bit too late).

    Please keep in mind that running your application as root is a security risk.



  • Hello sierdzio and thanks for your help! I tried your three solutions separately, by placing each one of them inside my main function, and with each time after building, I changed the permissions to the binary built by Qt as follows;

    sudo su
    chown root:root <mybin>
    chmod +s <mybin>

    After changing permissions, I ran the binary from Qt, but the error "FATAL: The application binary appears to be running setuid, this is a security hole.
    The program has unexpectedly finished." still appears. Am I doing something wrong here? I also know that it is a security risk, but I need the permissions since I am running Linux terminal commands through a Qt GUI.


  • Moderators

    OK, the docs claim this flag has to be set before QCoreApplication instance is created.

    So, please try this:
    @
    main () {
    QApplication::setSetuidAllowed(true);

    QApplication app();

    MainWindow mw;
    mw.show();

    return app.exec();
    }
    @



  • From the documentation:
    [quote]Qt is not an appropriate solution for setuid programs due to its large attack surface. However some applications may be required to run in this manner for historical reasons. This flag will prevent Qt from aborting the application when this is detected, and must be set before a QCoreApplication instance is created.[/quote]

    So, do it like this:
    @
    //FIRST allow running elevated
    QApplication::setSetuidAllowed(true);
    //THEN create the application
    QApplication app();
    @

    Otherwise, QCoreApplication will on construction already figure out that you are running elevated, and terminate before you can even set the permission for it. There is a reason the method is static...



  • Hello sierdzio and Andre,

    I tried your solutions, but there seems to be no way around for the moment. This error appeared when I tried to run my app in Qt creator:

    Gtk-WARNING **: This process is currently running setuid or setgid.
    This is not a supported use of GTK+. You must create a helper
    program instead. For further details, see:

    http://www.gtk.org/setuid.html
    

    Refusing to initialize GTK+.

    For now, I am looking into other ways to solve this. Thank you for your help!


Log in to reply
 

Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.