Questions regarding invoking bash
Hi guys, I have a few questions regarding invoking bash. Hope that you can help me out.
1. I logged in as root, copied /bin/bash to the home directory of one of my normal users, say 'glen', and changed the permission of this bash copy to '4755'.(I know this is not wise, and I was doing this just for testing purpose.) Then, I switched to my 'glen' account, and ran this bash copy in my home directory, so I thought that I would invoke a bash under root privilege with a pound sign as prompt; however, the new prompt I got was 'bash-4.3$' and no root privilege at all (I tested it by accessing some restricted files). In contrast, If I copied '/bin/sh' instead of '/bin/bash', and repeated what I did, then I would indeed run the sh shell under root privilege with the prompt appearing as '#'. WHY? 2. I created a shell script named 'ls', edited it content as following: Code:
/bin/bash |
^ it probably gets stuck in a loop or something.
the real question here is: why on earth would you want to do something like that? it's like deliberately scratching my hard disk, then starting forum threads inquiring why my hard disk isn't working anymore (exact sector numbers please). |
Quote:
Code:
int main() |
1. Please add the distro (& version) you are using to your profiler, as this can help us to help you :)
2. I can reproduce the first thing : chmod 4755 (local version of) bash. The reason you don't get a root prompt is because you did that as glen, not as root. Contrary to urban legend, the suid bit makes a program run as the file 'owner', not root, unless root owns it already. :) 3. the 'sh' one is odd. On my Centos 6.7 sh is just a symlink to bash anyway, but even for the real sh (posix shell), you shouldn't get a root prompt unless the ownership was root; please do an 'ls -l' and check that. 3. I don't get any probs with the 'ls' script; it just creates another shell level. Try checking Code:
echo $SHLVL Also, make sure you clean up between each experiment, or it will become impossible to debug ;) HTH |
Quote:
|
Quote:
1. Sure, added, and thanks for the heads-up, I didn't realize. The distribution I am using is Ubuntu 14.04. 2. I copied '/bin/bash' to glen's home directory when I logged in as root, so the bash copy was indeed owned by root(I double-checked using 'ls -l'), and its setuid bit was turned on. Given the points above, if it behaved normally, I should get the root prompt, but somehow I did not. 3. '/bin/sh' was copied using root account as well, so it shouldn't be a surprise to have the root prompt here? 4. Did you change the $PATH variable after creating the 'ls' shell script as I did? Code:
export PATH=~:$PATH |
Actually, I tried both 'current dir ie '.'
Code:
$ PATH=.:$PATH It may be something to do with the $PROMPT_COMMAND not being exported in your env, as it is exported in mine. Also, Ubuntu uses dash as the target of the 'sh' link . |
Quote:
|
~/ls is a script in your case, there is no way to use setuid bit on a script. It has no any meaning.
you can try strace -f -o /tmp/logfile <your command> to check what's happening (and you will see what was really executed) |
$berndbausch: I think you are right. It indeed appears that doing so would get my shell stuck in some sort of loop. If I press 'CTRL-C' soon after I call 'bash', and after that keep pressing 'CTRL-D', it will keep exiting from sub-shells. It will take some time to exit from certain amount of sub-shells to reach the outermost shell(the shell I started from), and the number of sub-shells being exited from seems to be proportional to the length of time interval between when I called 'bash' and when I pressed ' CTRL-C'.
Quote:
|
I think bash simply ignores setuid flag (refuses to change user id). But need to check source code to be sure
http://unix.stackexchange.com/questi...effect-on-bash |
Quote:
And profuse thanks to everyone who helped me in this thread! |
dash works too.
(if you really want to say thanks just click on yes) |
Quote:
|
that is the main purpose, just saying thanks. Actually you can find reputation on the left side which is more or less the number of clicks (thanks) you got. You can check the rules and reputation system of this forum if you need detailed information.
|
All times are GMT -5. The time now is 02:19 AM. |