Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: What keeps me from abusing setuid(0) and programs with setuid bit set?
Top Forums UNIX for Beginners Questions & Answers What keeps me from abusing setuid(0) and programs with setuid bit set? Post 303012910 by rbatte1 on Monday 12th of February 2018 11:13:22 AM
Old 02-12-2018
I suppose if you have access to become the super-user (usually root, but some sites have multiple UID=0 accounts) then you are trusted. If you then choose to abuse that trust by creating a setuid executable file owned by the super-user then you are sharing that trust. If you leave the file available to be updated by others, then you are sharing the trust for what trust you are sharing.

It is usually frowned upon with most people preferring to use sudo instead. Rules can be written to allow people to assume other identities whilst running executables. It's all down to who you trust.


Can you tell us a bit more about what you need it to do?




Robin
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

setuid

I have a C wrapper programme which basically execute a shell script. The shell script has 700 as permission and oracle is owner of the shell script. The C execuatble has 4711 permission so that means that it has setuid bit set and group and others can execute the C executable. The reason why I am... (2 Replies)
Discussion started by: sanjay92
2 Replies

2. UNIX for Advanced & Expert Users

setuid sticky bit

I have a binary. It is having the following permissions rws rws rwx mqm:mqm runmqtrm The same program on another machine is rws rws rwx root: mqm runmqtrm This program is a setuid program. This is what my understanding is. Whatever user the program is started under, it will finally be... (0 Replies)
Discussion started by: bandaru
0 Replies

3. UNIX for Advanced & Expert Users

ping/traceroute setuid programs

This may be a dumb question, but I've been wondering why programs such as ping and traceroute must be setuid? Are there some restrictions which prevent normal users from accessing the world via sockets? $ pwd /bin $ ls -l ping traceroute -rwsr-xr-x 1 root root 35616 Apr 7 2005 ping... (1 Reply)
Discussion started by: nathan
1 Replies

4. Programming

setuid bit on user + dynamically linked libraries

hi all, i have a critical and specific problem with respect to set uid bit on user and the dll's for a binary, (under the userid A) it needs libraries from /usr/lib and informix libraries from $INFORMIXDIR/lib/esql but this binary should be kicked off from id B, hence s-bit on user is... (5 Replies)
Discussion started by: matrixmadhan
5 Replies

5. HP-UX

setuid bit - error

hi i have written small script which will login 2 two different users with su but if we run from normal user it prompts for password so i chnaged the owner of script to root and added setuid bit with chmod u+s <script_name> but when i run the script i get following message Warning:... (3 Replies)
Discussion started by: zedex
3 Replies

6. Red Hat

process fails if setuid bit is set

Hi, OS : Linux I have an executable (P1) owned by user say "abcd" and the setuid bit is set. And there is another executable (P2) which brings up the process (P1). When the setuid bit is set, the process P1 is failing, if the setuid bit is not set there is no issue. I was wondering if... (6 Replies)
Discussion started by: ahamed101
6 Replies

7. Solaris

Need help with setuid.

Hi Gurus, I need your suggestions,to implement setuid. Here is the situation. I have a user xyz on a solaris zone.He needs to install a package using a pkgadd command but i guess only a root can run that .Is there any way I can set the setuid bit on the pkgadd which is in the location... (6 Replies)
Discussion started by: rama krishna
6 Replies

8. UNIX for Dummies Questions & Answers

setuid & sticky bit

Can anyone explain me difference between setuid and sticky bit? and also between setuid and chown? (3 Replies)
Discussion started by: kkalyan
3 Replies

9. Linux

Please explain setuid bit clearly!

Dear all, I am newbie with linux, i dont understand any code. I have googled a long time. Please help me explain about setuid bit on linux (Centos 6) Here: 1/ I chmod u+s for /sbin/iptables but normal user still cannot perform command (ex: /sbin/iptables -L) 2/Someone says : setuid only... (6 Replies)
Discussion started by: all4cfa
6 Replies

10. UNIX for Dummies Questions & Answers

Restricting Usage of Setuid Programs to the Admin User In MacOsx

This is a quote from the Apple security configuration (you can download it from Apple) " Using ACLs to Restrict Usage of Setuid Programs The ACL feature of Mac OS X can also be used to restrict the execution of setuid programs. Restricting the execution of setuid programs to administrators... (3 Replies)
Discussion started by: Vera
3 Replies

LEARN ABOUT DEBIAN

setuid

SETUID(1)						      General Commands Manual							 SETUID(1)

NAME

       setuid - run a command with a different uid.

SYNOPSIS

       setuid username|uid   command [ args ]

DESCRIPTION

       Setuid  changes	user id, then executes the specified command.  Unlike some versions of su(1), this program doesn't ever ask for a password
       when executed with effective uid=root.  This program doesn't change the environment; it only changes the uid and then uses execvp() to find
       the command in the path, and execute it.  (If the command is a script, execvp() passes the command name to /bin/sh for processing.)

       For example,
	      setuid  some_user  $SHELL
       can be used to start a shell running as another user.

       Setuid  is  useful  inside  scripts that are being run by a setuid-root user -- such as a script invoked with super, so that the script can
       execute some commands using the uid of the original user, instead of root.  This allows unsafe commands (such as editors and pagers) to	be
       used  in  a  non-root  mode inside a super script.  For example, an operator with permission to modify a certain protected_file could use a
       super command that simply does:
	      cp protected_file temp_file
	      setuid $ORIG_USER ${EDITOR:-/bin/vi} temp_file
	      cp temp_file protected_file
       (Note: don't use this example directly.	If the temp_file can somehow be replaced by another user, as might be the case if it's kept  in  a
       temporary  directory,  there  will  be a race condition in the time between editing the temporary file and copying it back to the protected
       file.)

AUTHOR

       Will Deich

								       local								 SETUID(1)
All times are GMT -4. The time now is 03:02 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy