09-20-2015
Difference between inbuilt suid programs and user defined root suid programs under bash shell?
Hey guys,
Suppose I run passwd via bash shell. It is a suid program, which temporarily runs as root (owner) and modifies the user entries.
However, when I write a C file and give 4755 permission and root ownership to the 'a.out' file, it doesn't run as root in bash shell. I verified this by comparing uid and euid within the program, which turned out to be the same. However, in zsh shell, it runs with root privileges.
My question is: Why is an inbuilt program like suid able to run with root privileges in bash shell while a user defined suid root program is not?
LEARN ABOUT REDHAT
system
SYSTEM(3) Linux Programmer's Manual SYSTEM(3)
NAME
system - execute a shell command
SYNOPSIS
#include <stdlib.h>
int system(const char *string);
DESCRIPTION
system() executes a command specified in string by calling /bin/sh -c string, and returns after the command has been completed. During
execution of the command, SIGCHLD will be blocked, and SIGINT and SIGQUIT will be ignored.
RETURN VALUE
The value returned is -1 on error (e.g. fork failed), and the return status of the command otherwise. This latter return status is in the
format specified in wait(2). Thus, the exit code of the command will be WEXITSTATUS(status). In case /bin/sh could not be executed, the
exit status will be that of a command that does exit(127).
If the value of string is NULL, system() returns nonzero if the shell is available, and zero if not.
system() does not affect the wait status of any other children.
CONFORMING TO
ANSI C, POSIX.2, BSD 4.3
NOTES
As mentioned, system() ignores SIGINT and SIGQUIT. This may make programs that call it from a loop uninterruptible, unless they take care
themselves to check the exit status of the child. E.g.
    while(something) {
        int ret = system("foo");
        if (WIFSIGNALED(ret) &&
            (WTERMSIG(ret) == SIGINT || WTERMSIG(ret) == SIGQUIT))
                break;
    }
Do not use system() from a program with suid or sgid privileges, because strange values for some environment variables might be used to
subvert system integrity. Use the exec(3) family of functions instead, but not execlp(3) or execvp(3). system() will not, in fact, work
properly from programs with suid or sgid privileges on systems on which /bin/sh is bash version 2, since bash 2 drops privileges on
startup. (Debian uses a modified bash which does not do this when invoked as sh.)
The check for the availability of /bin/sh is not actually performed; it is always assumed to be available. ISO C specifies the check, but
POSIX.2 specifies that the return shall always be non-zero, since a system without the shell is not conforming, and it is this that is
implemented.
It is possible for the shell command to return 127, so that code is not a sure indication that the execve() call failed.
SEE ALSO
sh(1), signal(2), wait(2), exec(3)
2001-09-23 SYSTEM(3)
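The NOTES above advise against system() in suid or sgid programs and point to the exec(3) family, excluding execlp(3) and execvp(3). The following is an added example, not part of the manual page or the forum post, of a system() replacement that follows that advice: no shell, absolute path only, and a fixed environment. The name run_program, its drop_privs parameter and the /usr/bin/id helper path are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment for the child: nothing is inherited from the caller. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };

/* Run an absolute-path program with no shell in between (hypothetical helper).
 * drop_privs != 0: the child switches back to the caller's real uid/gid first.
 * Returns the exit status, 128+signal if killed, -1 on error. */
int run_program(const char *path, char *const argv[], int drop_privs)
{
    if (path == NULL || path[0] != '/') {  /* refuse anything needing a PATH search */
        errno = EINVAL;
        return -1;
    }
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* group first: after setuid() we may no longer be allowed to change it */
        if (drop_privs && (setgid(getgid()) != 0 || setuid(getuid()) != 0))
            _exit(126);
        execve(path, argv, clean_env);
        _exit(127);                        /* same convention as system() */
    }
    int status;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    return WIFSIGNALED(status) ? 128 + WTERMSIG(status) : -1;
}

int main(void)
{
    /* In a working set-uid-root binary these two numbers differ. */
    printf("real uid=%ld effective uid=%ld\n", (long)getuid(), (long)geteuid());
    fflush(stdout);                        /* flush before fork(): keep output in order */
    char *const argv[] = { "id", NULL };   /* /usr/bin/id is an assumed helper path */
    return run_program("/usr/bin/id", argv, 1);
}
```

Pass drop_privs as 0 only when the helper itself genuinely needs the elevated effective uid.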