LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-16-2008, 01:54 AM   #1
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,033

Rep: Reputation: 69
A questions about suid programs...


If I'm running a program that requires root privs, I log in as root and chmod u+s to set suid permissions on the program. Then I log in as my normal user and run the program via sudo [program].

My question is, when I run this program do I run it as root or as normal user with root privs? So, if I'm running this suid program and I get hacked, will the hacker run a shell with root privs or my normal users privs?
 
Old 12-16-2008, 07:07 PM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
If you're using sudo to run it you don't need to chmod u+s in
the first place....
 
Old 12-16-2008, 10:57 PM   #3
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,033

Original Poster
Rep: Reputation: 69
Doesn't the suid program need to be chmod u+s by root first? Anyhow, what about the vulnerability?
 
Old 12-17-2008, 07:17 AM   #4
dickgregory
Member
 
Registered: Oct 2002
Location: Houston
Distribution: Arch, PCLinuxOS, Mint
Posts: 257

Rep: Reputation: 34
It is usually a good idea to avoid SUID when possible. Sometimes it is necessary which is why it exists. When you use it, you need to be very careful, because it could become an easy path for attack on your system. This can happen if the program contains code that when abused can alter access to system functions.

My own policy is that I NEVER use SUID on something that I did not write myself and is not open source. Part of the power of Open Source is that sloppy or malicious code is usually detected and fixed before it is released for general use. When a vulnerability does slip through and is discovered, a fix is often complete and available quickly, since the whole world has access to it.

If the program is owned by root, you need to do the chmod u+s as root. You will also need to set the "other" execute bit (chmod o+x) so you can run it as a non-root user. Or a safer way would be to chmod g+x and make sure you are a member of the group. Also, you need to make sure that the program is in your path unless you want to supply the absolute path on the command.
 
Old 12-17-2008, 05:18 PM   #5
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,033

Original Poster
Rep: Reputation: 69
So it's better to chmod o+x as root as opposed to adding the line
%user ALL = ALL
the /etc/sudoers file
 
Old 12-17-2008, 07:50 PM   #6
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Actually those two things are pretty much unrelated.

What are you trying to achieve in the first place?
 
Old 12-17-2008, 09:28 PM   #7
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,033

Original Poster
Rep: Reputation: 69
trying to run a regular user account, while still retaining some main commands like mount, ifconfig, iwconfig, etc, etc. I just don't want to be root all the time cause of the security vulnerability.
 
Old 12-18-2008, 10:13 AM   #8
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Ok.... so you're using sudo to do these things? Then
there's no need to modify anything. mount is suid any
way, but that still requires either a) an entry in /etc/fstab
that states that ordinary users are allowed to mount
devices. As far as ifconfig/iwconfig go - depending on
your distro, and/or how tight you want security, just
add those few commands to your users (or the admin group
which you're a member off) sudoers entry.


Randomly modifying perms on individual executables is
(most of the time) a bad idea. Commonly the defaults
(including ownerships and permissions) on executables
are very sane and secure, and shouldn't be played with
lightly.



Cheers,
Tink

Last edited by Tinkster; 12-18-2008 at 10:14 AM.
 
Old 12-18-2008, 11:53 PM   #9
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,033

Original Poster
Rep: Reputation: 69
Thanks for the info. Will do.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
suid / su questions usafitz Linux - Newbie 8 11-28-2007 11:13 PM
questions about shell programs sachitha Programming 1 08-21-2005 01:46 PM
SUID file drops suid bit on append? c_coder Programming 1 03-12-2004 07:59 AM
X based programs refuse to work when suid is used in slackware 9.1. Have nvidia 5328 natalinasmpf Linux - General 0 01-01-2004 10:22 AM
some questions on adding programs sluggo Linux - Newbie 5 01-20-2002 11:44 PM


All times are GMT -5. The time now is 01:37 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration