LinuxQuestions.org


HGeneAnthony 10-24-2006 05:49 PM

How can I use the setuid bit on a file in Debian
 
I was trying to use the setuid bit on a file so that it runs as the root user. I then changed the permissions on the file to 700. However, when I try to run the file I get a permission denied error. I was wondering, is there a way to set the setuid bit on Debian, or has this been taken out?

rickh 10-24-2006 06:45 PM

Quote:

...is there a way to set the setuid bit on Debian or has this been taken out?

Had to chuckle at that.

What is this program trying to do? Is it a script? Scripts may have issues with setuid; that's a fairly high-risk security issue, but they can be made to work. If your executable is trying to write to a directory that only root has access to, I think that may cause problems.

Setuid is, surprisingly to me, one of the least documented features in Linux. For some time, I've been thinking about playing around with it to see if I could understand it well enough to write the definitive documentation. Haven't done it yet. Sorry.

HappyTux 10-24-2006 07:08 PM

chmod +s file

rickh 10-24-2006 07:13 PM

I was going on the assumption that he'd already done that.

HGeneAnthony 10-24-2006 07:59 PM

Reply
 
Yeah, I did that. What I read is that some distros disable the setuid bit from executing on scripts and some distros disable it altogether. The script was nothing more than apt-get update;apt-get upgrade. The truth is I can just as easily put all users in the user group and add a rule to let all users in the sudo group run the command with sudo. I'm more curious if this still works.

rickh 10-24-2006 09:15 PM

Quote:

The script was nothing more than apt-get update;apt-get upgrade.

There is no question that those programs are going to write to directories for which only root has access. I recently needed to have some users write to a file in /etc/network/. I had to give them write access to that directory, as well as set suid on the script. Setuid seems to give permission only to execute the program, but does not carry root privileges to actions invoked by the program.

As I said, I really want to sit down and study how it works ... one of these days.

ntubski 10-24-2006 09:17 PM

From http://www.tldp.org/HOWTO/Security-H...-security.html
Quote:

SUID Shell Scripts

SUID shell scripts are a serious security risk, and for this reason the kernel will not honor them. Regardless of how secure you think the shell script is, it can be exploited to give the cracker a root shell.

This seems to suggest that it won't work on any distro, since it's a kernel thing...

introuble 10-25-2006 06:38 AM

Yes, I can confirm it at least on Debian -unstable.

P.S.: Does anyone have a list of Unices that do/don't do this?
P.P.S: It seems this security hole is quite well known.
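
As an added example (not code posted by anyone in this thread), here is a small shell check for the two causes raised above: mode 700 leaves only the owner able to execute the file, and the kernel ignores the setuid bit on scripts, as the quoted HOWTO says. It assumes Linux with GNU coreutils; the function name, the finding labels and the sample file are this example's own.

```shell
#!/bin/sh
# Added example: report why a setuid file will not run with its owner's
# privileges. Assumes GNU stat (stat -c). Labels are this example's own.

suid_diagnose() {
    f=$1
    [ -f "$f" ] || { echo "not-a-regular-file"; return 2; }
    findings=""

    # test -u is true only while the setuid bit is present. A numeric
    # "chmod 700" on a regular file clears a setuid bit set earlier.
    if [ ! -u "$f" ]; then
        findings="$findings no-setuid-bit"
    fi

    # Octal mode such as 4755 or 700; the last two digits are group and other.
    mode=$(stat -c '%a' "$f")
    other=${mode#"${mode%?}"}
    rest=${mode%?}
    group=${rest#"${rest%?}"}
    case "$group$other" in
        *[1357]*) ;;   # someone besides the owner may execute
        *) findings="$findings owner-only-execute" ;;
    esac

    # Linux ignores the setuid bit when the file is an interpreter script.
    magic=$(head -c 2 "$f" 2>/dev/null | tr -d '\0')
    if [ -u "$f" ] && [ "$magic" = "#!" ]; then
        findings="$findings setuid-ignored-on-script"
    fi

    if [ -z "$findings" ]; then
        echo "ok"
        return 0
    fi
    printf '%s\n' $findings   # unquoted on purpose: one finding per line
    return 1
}

# Constructed demo: the two-command script from the thread, mode 4700.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\napt-get update; apt-get upgrade\n' > "$d/upgrade.sh"
    chmod 4700 "$d/upgrade.sh"
    suid_diagnose "$d/upgrade.sh"
    rm -rf "$d"
}
demo
```

The function returns non-zero when it has findings, so it can gate a deployment or audit script.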

