Your questions are certainly legitimate. In short, a set uid
program changes its id of its suid bit, and runs with that
suid's permissions. Normally, if you run a program, it runs with
your permissions. If you run a program that is set uid root, then
the program runs as root. If the set uid root program prints "Hello World" and
nothing else, then there is no risk to your system. But say the suid root program
asks for you name and then prints "Hello , <your name here>". Say
in your program that when it prints the statement, that if you put
in a meta character that stops it from printing, and the rest of
the input is executed as a command. Let's say that command is
rm -rf /
Well, your filesystem is a goner. Because you had a program that ran
as root and you made it so anyone on your system could run it.
So why have programs set uid root or more simply written suid root.
When you change your password on your system with the passwd command,
the program asks you for your new password and then it encrypts it
and writes it to /etc/shadow. This is where the suid root is needed,
because /etc/shadow is only writeable by root. So, the passwd
program performs some checks when you execute it, opens /etc/shadow,
and writes your new encrypted password. If it did not have the suid
bit set, when it went to open the file and write to it, it would not
be able to. That's because when you execute a program, it normally ussumes
your identity. This is even so when the program is owned by root.
The suid program passwd has been combed through by many people and its
a program you can safely run as suid. But if you write your own programs which you make suid and
you have potentially malicious users who you give permission to run the
program, be forwarned. You can make set uid programs execute under the whatever
owner they are set to. In addition, there is setgid. see man chmod.
brian
On Tue, Nov 30, 1999 at 01:27:53PM -0800, Scott Tyson wrote:
> excuse my ignorance but can someone give me the readers digest of:
>
> 1. what is setuid? (set user id?)
> 2. why it is used
> 3. why is a setuid of root bad or not bad.
> 4. What to do if you have programs that are setuid root.
>
> thanks
> ----- Original Message -----
> From: "Brian Lavender" <brian@brie.com>
> To: "Lug Nuts" <lug-nuts@saclug.org>
> Sent: Tuesday, November 30, 1999 11:01 AM
> Subject: [lug-nuts] one liner again
>
>
> > I found this on
> >
> > http://www.hackernews.com/orig/practice.html
> >
> > On most systems, if you would like to see all of the files on it that
> > are SUID root, issue this command:
> >
> > $ find / \( -perm -4000 -o -perm -2000 ! -type d \) -exec \
> > ls -ldb {} \; >> output.log
> >
> > brian
> > --
> > Brian Lavender
> > http://www.brie.com/brian/
> >
> ************************************************************************
> ****
> > * To UNSUBSCRIBE from the list, send a message with "unsubscribe
> lug-nuts"
> > * in the message body to majordomo@saclug.org. Please direct other
> > * questions, comments, or problems to lug-nuts-owner@saclug.org.
> >
>
> ****************************************************************************
> * To UNSUBSCRIBE from the list, send a message with "unsubscribe lug-nuts"
> * in the message body to majordomo@saclug.org. Please direct other
> * questions, comments, or problems to lug-nuts-owner@saclug.org.
-- Brian Lavender http://www.brie.com/brian/ **************************************************************************** * To UNSUBSCRIBE from the list, send a message with "unsubscribe lug-nuts" * in the message body to majordomo@saclug.org. Please direct other * questions, comments, or problems to lug-nuts-owner@saclug.org.
This archive was generated by hypermail 2b29 : Fri Feb 25 2000 - 14:29:08 PST