Setuid not working in Linux as script fails to write to file. Post 302826395 by alister on Wednesday 26th of June 2013 02:06:49 PM
Your analysis of the situation is incorrect, rbatte.

While you are correct that mount options can forbid suid binary executables (and even non-suid executables), Linux does not support suid interpreted script executables, regardless of mount options.

Regards,
Alister

---------- Post updated at 02:06 PM ---------- Previous update was at 12:04 PM ----------

In case anyone is interested, a more detailed explanation.

Relevant functions from the 3.9.7 stable kernel:
fs/exec.c :: do_execve_common()
fs/exec.c :: prepare_binprm()
fs/exec.c :: search_binary_handler()
fs/binfmt_script.c :: load_script()

Linux can support many executable formats. Each format has a dedicated handler registered with the kernel. When loading an executable, the execve syscall must first identify the format of the executable. This is accomplished in search_binary_handler by walking the list of registered handlers until one of them succeeds. If none succeed, the system call fails.

This procedure can occur more than once. A typical, successful shell script execve requires two passes. The first pass ends with the success of load_script, the handler that recognizes the #! shebang header. This handler parses the interpreter's pathname from the shebang line and uses it to begin the second pass. Usually, the interpreter is a native binary (e.g. sh, awk, perl, etc.), in which case this second handler search concludes with load_elf_binary.

The kernel calls prepare_binprm before each pass.

prepare_binprm resets the effective uid and gid to match those of the current process (execve's caller), before checking the inode of the executable it intends to load. If the inode's mode has a SUID/SGID bit set, then the euid/egid for the to-be-loaded executable is set to match the inode uid/gid (incidentally, rbatte, this is also where the NOSUID mount option check is located).

The first prepare_binprm call is in do_execve_common and involves the SUID shell script executable. The second call is in load_script and involves the interpreter pathname.

Between the two calls to prepare_binprm, the relevant data structure actually has the shell script owner's credentials, as if the kernel intends to allow the change in ownership. However, the second prepare_binprm invocation (just as the first) resets the euid/egid values to those of the current process. The shell script's inode's SUID/SGID change is clobbered and this time prepare_binprm consults the interpreter's inode, not the shell script's.

Regards,
Alister
GIT-REMOTE(1)                     Git Manual                     GIT-REMOTE(1)

NAME
       git-remote - manage set of tracked repositories

SYNOPSIS
       git remote [-v | --verbose]
       git remote add [-t <branch>] [-m <master>] [-f] [--mirror] <name> <url>
       git remote rename <old> <new>
       git remote rm <name>
       git remote set-head <name> (-a | -d | <branch>)
       git remote set-url [--push] <name> <newurl> [<oldurl>]
       git remote set-url --add [--push] <name> <newurl>
       git remote set-url --delete [--push] <name> <url>
       git remote [-v | --verbose] show [-n] <name>
       git remote prune [-n | --dry-run] <name>
       git remote [-v | --verbose] update [-p | --prune] [group | remote]...

DESCRIPTION
       Manage the set of repositories ("remotes") whose branches you track.

OPTIONS
       -v, --verbose
           Be a little more verbose and show remote url after name. NOTE: This
           must be placed between remote and subcommand.

COMMANDS
       With no arguments, shows a list of existing remotes. Several subcommands
       are available to perform operations on the remotes.

       add
           Adds a remote named <name> for the repository at <url>. The command
           git fetch <name> can then be used to create and update
           remote-tracking branches <name>/<branch>.

           With -f option, git fetch <name> is run immediately after the remote
           information is set up.

           With -t <branch> option, instead of the default glob refspec for the
           remote to track all branches under $GIT_DIR/remotes/<name>/, a
           refspec to track only <branch> is created. You can give more than
           one -t <branch> to track multiple branches without grabbing all
           branches.

           With -m <master> option, $GIT_DIR/remotes/<name>/HEAD is set up to
           point at remote's <master> branch. See also the set-head command.

           In mirror mode, enabled with --mirror, the refs will not be stored
           in the refs/remotes/ namespace, but in refs/heads/. This option
           only makes sense in bare repositories. If a remote uses mirror
           mode, furthermore, git push will always behave as if --mirror was
           passed.

       rename
           Rename the remote named <old> to <new>. All remote tracking branches
           and configuration settings for the remote are updated.

           In case <old> and <new> are the same, and <old> is a file under
           $GIT_DIR/remotes or $GIT_DIR/branches, the remote is converted to
           the configuration file format.

       rm
           Remove the remote named <name>. All remote tracking branches and
           configuration settings for the remote are removed.

       set-head
           Sets or deletes the default branch ($GIT_DIR/remotes/<name>/HEAD)
           for the named remote. Having a default branch for a remote is not
           required, but allows the name of the remote to be specified in lieu
           of a specific branch. For example, if the default branch for origin
           is set to master, then origin may be specified wherever you would
           normally specify origin/master.

           With -d, $GIT_DIR/remotes/<name>/HEAD is deleted.

           With -a, the remote is queried to determine its HEAD, then
           $GIT_DIR/remotes/<name>/HEAD is set to the same branch. e.g., if the
           remote HEAD is pointed at next, "git remote set-head origin -a" will
           set $GIT_DIR/refs/remotes/origin/HEAD to refs/remotes/origin/next.
           This will only work if refs/remotes/origin/next already exists; if
           not it must be fetched first.

           Use <branch> to set $GIT_DIR/remotes/<name>/HEAD explicitly. e.g.,
           "git remote set-head origin master" will set
           $GIT_DIR/refs/remotes/origin/HEAD to refs/remotes/origin/master.
           This will only work if refs/remotes/origin/master already exists;
           if not it must be fetched first.

       set-url
           Changes URL remote points to. Sets first URL remote points to
           matching regex <oldurl> (first URL if no <oldurl> is given) to
           <newurl>. If <oldurl> doesn't match any URL, error occurs and
           nothing is changed.

           With --push, push URLs are manipulated instead of fetch URLs.

           With --add, instead of changing some URL, new URL is added.

           With --delete, instead of changing some URL, all URLs matching regex
           <url> are deleted. Trying to delete all non-push URLs is an error.

       show
           Gives some information about the remote <name>.

           With -n option, the remote heads are not queried first with
           git ls-remote <name>; cached information is used instead.

       prune
           Deletes all stale tracking branches under <name>. These stale
           branches have already been removed from the remote repository
           referenced by <name>, but are still locally available in
           "remotes/<name>".

           With --dry-run option, report what branches will be pruned, but do
           not actually prune them.

       update
           Fetch updates for a named set of remotes in the repository as
           defined by remotes.<group>. If a named group is not specified on the
           command line, the configuration parameter remotes.default will be
           used; if remotes.default is not defined, all remotes which do not
           have the configuration parameter remote.<name>.skipDefaultUpdate
           set to true will be updated. (See git-config(1)).

           With --prune option, prune all the remotes that are updated.

DISCUSSION
       The remote configuration is achieved using the remote.origin.url and
       remote.origin.fetch configuration variables. (See git-config(1)).

EXAMPLES
       o   Add a new remote, fetch, and check out a branch from it

               $ git remote
               origin
               $ git branch -r
               origin/master
               $ git remote add linux-nfs git://linux-nfs.org/pub/linux/nfs-2.6.git
               $ git remote
               linux-nfs
               origin
               $ git fetch
               * refs/remotes/linux-nfs/master: storing branch 'master' ...
                 commit: bf81b46
               $ git branch -r
               origin/master
               linux-nfs/master
               $ git checkout -b nfs linux-nfs/master
               ...

       o   Imitate git clone but track only selected branches

               $ mkdir project.git
               $ cd project.git
               $ git init
               $ git remote add -f -t master -m master origin git://example.com/git.git/
               $ git merge origin

SEE ALSO
       git-fetch(1) git-branch(1) git-config(1)

AUTHOR
       Written by Junio Hamano

DOCUMENTATION
       Documentation by J. Bruce Fields and the git-list <git@vger.kernel.org[1]>.

GIT
       Part of the git(1) suite

NOTES
        1. git@vger.kernel.org
           mailto:git@vger.kernel.org

Git 1.7.1                         07/05/2010                     GIT-REMOTE(1)
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.