09-20-2015
Difference between inbuilt suid programs and user defined root suid programs under bash shell?
Hey guys,
Suppose i run passwd via bash shell. It is a suid program, which temporarily runs as root(owner) and modifies the user entries.
However, when i write a C file and give 4755 permission and root ownership to the 'a.out' file , it doesn't run as root in bash shell. I verified this by comparing uid and euid within the program which turned out to be the same. However, in zsh shell, it runs with root privileges
My question is : Why does an inbuilt program like suid is able to run with root privileges in bash shell while a user defined suid root program is not ?
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
what is SUID ? can someone explain or point me to a link ?
thanks
simon2000 (2 Replies)
Discussion started by: simon2000
2 Replies
2. UNIX for Advanced & Expert Users
Hi,
I have two file in my directory. "catter" file contains "cat ./file". And "file" contails "Hi ashish". I have SUID bit set for catter file. But when a different user in my group runs file catter, shell displays "Permission denied" message.
I just want to know can use of suid bit be... (3 Replies)
Discussion started by: shriashishpatil
3 Replies
3. UNIX for Advanced & Expert Users
Hi
Senario: I have previleges to edit a file F but User B does not have sufficient privs to edit it.
In order for B to edit it I tried an indirect way. I created a script to edit F and SUID this script so that B can execute it with the privs of me. But this is not working . can some one help... (3 Replies)
Discussion started by: Pankaj Mishra
3 Replies
4. UNIX for Advanced & Expert Users
Hello,
I would like to run gedit as root while logged into my regular user account. When I try to launch gedit from the command line as super user, I get this message:
Gtk-WARNING **: cannot open display:
Any suggestions or word arounds? It would make my life a lot simpler to edit files... (8 Replies)
Discussion started by: Allasso
8 Replies
5. UNIX for Dummies Questions & Answers
Are the programs written on schedulers ,thread library , process management, memory management, et al called systems programs ? How are they different from the programs that implement functions like open() , printf() , scanf() , read() .. they have a prefix sys_open, sys_close, sys_read etc , right... (1 Reply)
Discussion started by: vishwamitra
1 Replies
6. UNIX for Advanced & Expert Users
How do check the programs that the actual user of the computer installed. I do not care at all about the default programs that came with your distro of Linux, I only want the user installed programs. (1 Reply)
Discussion started by: cokedude
1 Replies
7. Cybersecurity
Hello
My system is Debian-503-amd64. After I installed the "lpr" package, I found that some files with SUID bit come from this package. As:
ls -l /usr/bin/lp*
....
-rwsr-sr-x 1 root lp 31800 2008-05-20 /usr/bin/lpq
-rwsr-sr-x 1 root lp 28504 2008-05-20 /usr/bin/lpr
-rwsr-sr-x 1... (1 Reply)
Discussion started by: ZR_Lang
1 Replies
8. Debian
want to create a user account for each of the key programs installed on my debian server. For example, for the following programs:
Tomcat Nginx Supervisor PostgreSQL
This seems to be recommended based on my reading online. However, I want to restrict these user accounts as much as possible,... (3 Replies)
Discussion started by: Spadez
3 Replies
9. Shell Programming and Scripting
SUID works for shell scripts (bash)??
I'm user user1 need to execute a shell script (script.sh) which is owned by user2.-rwsrwxrwx 1 user2 aduser 3518 Aug 21 05:33 script.shOnly user2 has write privileges to write/copy a file in directory /dir1/subdir. Hence SUID bit permissions are set to... (8 Replies)
Discussion started by: MSK_1990
8 Replies
10. UNIX for Dummies Questions & Answers
I had a question in my test which asked where suppose user B has a program with 's' bit set. Can user A run this program and gain root privileges in any way?
I suppose not as the suid program run with privileges of owner and this program will run with B's privileges and not root. (1 Reply)
Discussion started by: syncmaster
1 Replies
LEARN ABOUT FREEBSD
captest
CAPTEST:(8) System Administration Utilities CAPTEST:(8)
NAME
captest - a program to demonstrate capabilities
SYNOPSIS
captest [ --drop-all | --drop-caps | --id ] [ --lock ] [ --text ]
DESCRIPTION
captest is a program that demonstrates and prints out the current process capabilities. Each option prints the same report. It will output
current capabilities. then it will try to access /etc/shadow directly to show if that can be done. Then it creates a child process that
attempts to read /etc/shadow and outputs the results of that. Then it outputs the capabilities that a child process would have.
You can also apply file system capabilities to this program to study how they work. For example, filecap /usr/bin/captest chown. Then run
captest as a normal user. Another interesting test is to make captest suid root so that you can see what the interaction is between root's
credentials and capabilities. For example, chmod 4755 /usr/bin/captest. When run as a normal user, the program will see if privilege esca-
lation is possible. But do not leave this app setuid root after you are don testing so that an attacker cannot take advantage of it.
OPTIONS
--drop-all
This drops all capabilities and clears the bounding set.
--drop-caps
This drops just traditional capabilities.
--id This changes to uid and gid 99, drops supplemental groups, and clears the bounding set.
--text This option outputs the effective capabilities in text rather than numerically.
--lock This prevents the ability for child processes to regain privileges if the uid is 0.
SEE ALSO
filecap(8), capabilities(7)
AUTHOR
Steve Grubb
Red Hat June 2009 CAPTEST:(8)