02-24-2012
The euid in this case would be root (0) and the uid would be the users real id (500). Some programmes check this and if they are not the equal they stop.
I just found a system with iptables installed and tried it. Without the suid bit on, it does fail with an error, but it was successful when I flipped suid on, so I don't think it is doing what I suggested.
Something that I noticed when I set the permissions is that iptables is actually a sim link that points to iptables-multi. Is this the case in your environment? If so, did you try setting the suid bit on iptables-multi as it doesn't make sense to set it on the simlink (chmod shouldn't allow it anyway).
Not sure what else to suggest.
8 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
I have a binary. It is having the following permissions
rws rws rwx mqm:mqm runmqtrm
The same program on another machine is
rws rws rwx root: mqm runmqtrm
This program is a setuid program.
This is what my understanding is. Whatever user the program is started under, it will finally be... (0 Replies)
Discussion started by: bandaru
0 Replies
2. Programming
Hello,
If i have 2 strings str1 and str2, i would like to copy/concatenate str2 to str1, from 1st bit leaving the 0th bit.
How do i do it? (2 Replies)
Discussion started by: jazz
2 Replies
3. Programming
hi all,
i have a critical and specific problem with respect to set uid bit on user and the dll's
for a binary, (under the userid A)
it needs libraries from /usr/lib and informix libraries from $INFORMIXDIR/lib/esql
but this binary should be kicked off from id B,
hence s-bit on user is... (5 Replies)
Discussion started by: matrixmadhan
5 Replies
4. HP-UX
hi i have written small script which will login 2 two different users with su but if we run from normal user it prompts for password so
i chnaged the owner of script to root and added setuid bit
with
chmod u+s <script_name>
but when i run the script i get following message
Warning:... (3 Replies)
Discussion started by: zedex
3 Replies
5. Red Hat
Hi,
OS : Linux
I have an executable (P1) owned by user say "abcd" and the setuid bit is set. And there is another executable (P2) which brings up the process (P1).
When the setuid bit is set, the process P1 is failing, if the setuid bit is not set there is no issue.
I was wondering if... (6 Replies)
Discussion started by: ahamed101
6 Replies
6. UNIX for Dummies Questions & Answers
Can anyone explain me difference between setuid and sticky bit? and also between setuid and chown? (3 Replies)
Discussion started by: kkalyan
3 Replies
7. Shell Programming and Scripting
Hi,
Here is the issue. From the program snippet I have Base: 0x1800000000, Size: 0x3FFE7FFFFFFFF which are of 40 and 56 bits. SO I used use bignum to do the math but summing them up I always failed having correct result.
perl interpreter info,
perl, v5.8.8 built for... (0 Replies)
Discussion started by: rrd1986
0 Replies
8. UNIX for Beginners Questions & Answers
Just learning about the privilege escalation method provided by setuid. Correct me if I am wrong but what it does is change the uid of the current process to whatever uid I set. Right ?
So what stops me from writing my own C program and calling setuid(0) within it and gaining root privileges ?
... (2 Replies)
Discussion started by: sreyan32
2 Replies
LINUX(4) BSD Kernel Interfaces Manual LINUX(4)
NAME
linux -- Linux ABI support
SYNOPSIS
To compile support for this ABI into an i386 kernel place the following line in your kernel configuration file:
options COMPAT_LINUX
for an amd64 kernel use:
options COMPAT_LINUX32
Alternatively, to load the ABI as a module at boot time, place the following line in loader.conf(5):
linux_load="YES"
DESCRIPTION
The linux module provides limited Linux ABI (application binary interface) compatibility for userland applications. The module provides the
following significant facilities:
o An image activator for correctly branded elf(5) executable images
o Special signal handling for activated images
o Linux to native system call translation
It is important to note that the Linux ABI support it not provided through an emulator. Rather, a true (albeit limited) ABI implementation
is provided.
The following sysctl(8) tunable variables are available:
compat.linux.osname Linux kernel operating system name.
compat.linux.osrelease Linux kernel operating system release. Changing this to something else is discouraged on non-development systems,
because it may change the way Linux programs work. Recent versions of GNU libc are known to use different syscalls
depending on the value of this sysctl.
compat.linux.oss_version Linux Open Sound System version.
The linux module can be linked into the kernel statically with the COMPAT_LINUX kernel configuration option or loaded as required. The fol-
lowing command will load the module if it is neither linked into the kernel nor already loaded as a module:
if ! kldstat -v | grep -E 'linux(aout|elf)' > /dev/null; then
kldload linux > /dev/null 2>&1
fi
Note that dynamically linked Linux executables will require a suitable environment in /compat/linux. Specifically, the Linux run-time
linker's hints files should be correctly initialized. For this reason, it is common to execute the following commands to prepare the system
to correctly run Linux executables:
if [ -x /compat/linux/sbin/ldconfig ]; then
/compat/linux/sbin/ldconfig -r /compat/linux
fi
For information on loading the linux kernel loadable module automatically on system startup, see rc.conf(5). This information applies
regardless of whether the linux module is statically linked into the kernel or loaded as a module.
FILES
/compat/linux minimal Linux run-time environment
/compat/linux/proc limited Linux process file system
/compat/linux/sys limited Linux system file system
SEE ALSO
brandelf(1), elf(5), linprocfs(5), linsysfs(5)
HISTORY
Linux ABI support first appeared in FreeBSD 2.1.
BSD
February 8, 2010 BSD