Login or Register to Ask a Question and Join Our Community


UNIX for Beginners Questions & Answers

What keeps me from abusing setuid(0) and programs with setuid bit set?

 
Thread Tools Search this Thread
Top Forums UNIX for Beginners Questions & Answers What keeps me from abusing setuid(0) and programs with setuid bit set?
Prev   Next
# 1  
Old 02-12-2018
Linux What keeps me from abusing setuid(0) and programs with setuid bit set?
Just learning about the privilege escalation method provided by setuid. Correct me if I am wrong but what it does is change the uid of the current process to whatever uid I set. Right ?

So what stops me from writing my own C program and calling setuid(0) within it and gaining root privileges ?

Also my next question will be lets question will be about programs which have the setuid bit set.

If a program has the setuid bit set and the owner as root then can't I just exec that program in to my process and use to wreak havoc ? Its the same problem of gaining root privileges ?

I have seen a lot of documentation online on what these systems do, but none on how these systems are restricted. Hence I am asking the question here.
 
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Restricting Usage of Setuid Programs to the Admin User In MacOsx

This is a quote from the Apple security configuration (you can download it from Apple) " Using ACLs to Restrict Usage of Setuid Programs The ACL feature of Mac OS X can also be used to restrict the execution of setuid programs. Restricting the execution of setuid programs to administrators... (3 Replies)
Discussion started by: Vera
3 Replies

2. Linux

Please explain setuid bit clearly!

Dear all, I am newbie with linux, i dont understand any code. I have googled a long time. Please help me explain about setuid bit on linux (Centos 6) Here: 1/ I chmod u+s for /sbin/iptables but normal user still cannot perform command (ex: /sbin/iptables -L) 2/Someone says : setuid only... (6 Replies)
Discussion started by: all4cfa
6 Replies

3. UNIX for Dummies Questions & Answers

setuid & sticky bit

Can anyone explain me difference between setuid and sticky bit? and also between setuid and chown? (3 Replies)
Discussion started by: kkalyan
3 Replies

4. Solaris

Need help with setuid.

Hi Gurus, I need your suggestions,to implement setuid. Here is the situation. I have a user xyz on a solaris zone.He needs to install a package using a pkgadd command but i guess only a root can run that .Is there any way I can set the setuid bit on the pkgadd which is in the location... (6 Replies)
Discussion started by: rama krishna
6 Replies

5. Red Hat

process fails if setuid bit is set

Hi, OS : Linux I have an executable (P1) owned by user say "abcd" and the setuid bit is set. And there is another executable (P2) which brings up the process (P1). When the setuid bit is set, the process P1 is failing, if the setuid bit is not set there is no issue. I was wondering if... (6 Replies)
Discussion started by: ahamed101
6 Replies

6. HP-UX

setuid bit - error

hi i have written small script which will login 2 two different users with su but if we run from normal user it prompts for password so i chnaged the owner of script to root and added setuid bit with chmod u+s <script_name> but when i run the script i get following message Warning:... (3 Replies)
Discussion started by: zedex
3 Replies

7. Programming

setuid bit on user + dynamically linked libraries

hi all, i have a critical and specific problem with respect to set uid bit on user and the dll's for a binary, (under the userid A) it needs libraries from /usr/lib and informix libraries from $INFORMIXDIR/lib/esql but this binary should be kicked off from id B, hence s-bit on user is... (5 Replies)
Discussion started by: matrixmadhan
5 Replies

8. UNIX for Advanced & Expert Users

ping/traceroute setuid programs

This may be a dumb question, but I've been wondering why programs such as ping and traceroute must be setuid? Are there some restrictions which prevent normal users from accessing the world via sockets? $ pwd /bin $ ls -l ping traceroute -rwsr-xr-x 1 root root 35616 Apr 7 2005 ping... (1 Reply)
Discussion started by: nathan
1 Replies

9. UNIX for Advanced & Expert Users

setuid sticky bit

I have a binary. It is having the following permissions rws rws rwx mqm:mqm runmqtrm The same program on another machine is rws rws rwx root: mqm runmqtrm This program is a setuid program. This is what my understanding is. Whatever user the program is started under, it will finally be... (0 Replies)
Discussion started by: bandaru
0 Replies

10. UNIX for Advanced & Expert Users

setuid

I have a C wrapper programme which basically execute a shell script. The shell script has 700 as permission and oracle is owner of the shell script. The C execuatble has 4711 permission so that means that it has setuid bit set and group and others can execute the C executable. The reason why I am... (2 Replies)
Discussion started by: sanjay92
2 Replies
Login or Register to Ask a Question

LEARN ABOUT SUNOS

setuid

setuid(2)							   System Calls 							 setuid(2)

NAME

       setuid, setegid, seteuid, setgid - set user and group IDs

SYNOPSIS

       #include <sys/types.h>
       #include <unistd.h>

       int setuid(uid_t uid);

       int setgid(gid_t gid);

       int seteuid(uid_t euid);

       int setegid(gid_t egid);

DESCRIPTION

       The  setuid()  function	sets the real user ID, effective user ID, and saved user ID of the calling process. The setgid() function sets the
       real group ID, effective group ID, and saved group ID of the calling process. The setegid() and seteuid() functions set the effective group
       and user IDs respectively for the calling process. See intro(2) for more information on real, effective, and saved user and group IDs.

       At  login time, the real user ID, effective user ID, and saved user ID of the login process are set to the login ID of the user responsible
       for the creation of the process. The same is true for the real, effective, and saved group IDs; they are set to the group ID  of  the  user
       responsible for the creation of the process.

       When  a process calls one of the exec(2) family of functions to execute a file (program), the user and/or group identifiers associated with
       the process can change. If the file executed is a set-user-ID file, the effective and saved user IDs of the process are set to the owner of
       the  file  executed.  If the file executed is a set-group-ID file, the effective and saved group IDs of the process are set to the group of
       the file executed. If the file executed is not a set-user-ID or set-group-ID file, the effective user ID, saved user  ID,  effective  group
       ID, and saved group ID are not changed.

       If  the	{PRIV_PROC_SETID}  privilege is asserted in the effective set of the process calling setuid(), the real, effective, and saved user
       IDs are set to the uid argument.  If the uid argument is 0 and none of the saved, effective or  real  UID  is  0,  additional  restrictions
       apply. See privileges(5).

       If  the	{PRIV_PROC_SETID}  privilege  is not asserted in the effective set, but uid is either the real user ID or the saved user ID of the
       calling process, the effective user ID is set to uid.

       If the {PRIV_PROC_SETID} privilege is asserted in the effective set of the process calling setgid(), the real, effective, and  saved  group
       IDs are set to the gid argument.

       If  the	{PRIV_PROC_SETID} privilege is not asserted in the effective set, but gid is either the real group ID or the saved group ID of the
       calling process, the effective group ID is set to gid.

RETURN VALUES

       Upon successful completion, 0 is returned. Otherwise, -1 is returned and errno is set to indicate the error.

ERRORS

       The setuid() and setgid() functions will fail if:

       EINVAL	       The value of uid or gid is out of range.

       EPERM	       For setuid() and seteuid(), the {PRIV_PROC_SETID} privilege is not asserted in the effective set of the calling process and
		       the uid argument does not match either the real or saved user IDs, or an attempt is made to change to UID 0 and none of the
		       existing UIDs is 0, in which case additional privileges are required.

		       For setgid() and setegid(), the {PRIV_PROC_SETID} privilege is not asserted in the effective set and the gid argument  does
		       not match either the real or saved group IDs.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Standard			   |
       +-----------------------------+-----------------------------+
       |MT-Level		     |Async-Signal-Safe 	   |
       +-----------------------------+-----------------------------+

SEE ALSO

       intro(2), exec(2), getgroups(2), getuid(2), stat.h(3HEAD), attributes(5), privileges(5), standards(5)

SunOS 5.10							    20 Jan 2003 							 setuid(2)