"Set User ID bit" demostration
The "set user id"-bit (or setuid-bit) is a potentially dangerous permission type. Wrong usage of setuid can result in unauthorized access to your system.
What it means
When a setuid bit is set to an executable, the script will be executed as if it was executed by the owner of the file. So for example this script has a setuid bit set:
$ ls -l myscript.sh
-rwsr-xr-x 1 root wheel 200 Nov 5 10:47 myscript.shThis script may be executable by anybody. When executed by the user "robert" for example, it will inherit permissions as if it was executed by root.
Imagine that this script contains the command "reboot"; in that case anybody would be able to reboot the machine.
How you can set it
Very easy:
# chmod 4755 myscript.shor
# chmod u+s myscript.shWhat you can do with it
Here is a small demonstration, first showing that a user can't write to /etc/passwd.
$ echo "foo bar" >> /etc/passwd
-bash: /etc/passwd: Permission deniedNow set the setuid bit:
# chmod u+s /bin/echoWith the setuid bit on, the user is able to write to /etc/passwd:
$ echo "foo bar" >> /etc/passwd
$See the dangerous situation we have just created? Undo it by executing # chmod u-s /bin/echo.
How to detect (and resolve) it
# find / -perm -4000Please notice that there are many files on a system that have setuid bits, like:
- /bin/mount - because a user needs to be able to mount a cdrom or floppy.
- /bin/ping
- /usr/bin/crontab
| About | Consultancy | Articles | Contact |
|
|
|
|
|
| References | Red Hat Certified Architect | By Robert de Bock | Robert de Bock |
| Curriculum Vitae | By Fred Clausen | +31 6 14 39 58 72 | |
| By Nelson Manning | robert@meinit.nl |