LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-18-2011, 10:13 AM   #1
Soji Antony
Member
 
Registered: Jul 2010
Posts: 54

Rep: Reputation: 1
suid & guid


Hi

Does linux kernel 2.6 support suid & guid?.

I just read somewhere that "latest linux kernels does not support suid & guid as it can pose a security risk if the setuid attribute is assigned to executable programs that are not carefully designed".

I need a confirmation about what I say is correct or if not please correct me.

Thanks in advance ....
 
Old 05-18-2011, 10:22 AM   #2
Mr. Alex
Senior Member
 
Registered: May 2010
Distribution: No more Linux. Done with it.
Posts: 1,238

Rep: Reputation: Disabled
I use SUID, it works with my 2.6.38.4. And no, they can't remove this function from the kernel, it's not Windows.
 
Old 05-18-2011, 10:42 AM   #3
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian, OS X
Posts: 1,298

Rep: Reputation: 102Reputation: 102
Quote:
Originally Posted by Soji Antony View Post
Hi

Does linux kernel 2.6 support suid & guid?.

I just read somewhere that "latest linux kernels does not support suid & guid as it can pose a security risk if the setuid attribute is assigned to executable programs that are not carefully designed".

I need a confirmation about what I say is correct or if not please correct me.

Thanks in advance ....
I do not think so. If you are talking about Linux systems, it does have SUID bit set on passwd command , which is essential and cannot be neglected.

Quote:
# ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 23420 Aug 11 2010 /usr/bin/passwd
I am using CENTOS 5.6 and it has has 2.6 kernel.
Code:
# uname -r
2.6.18-238.el5
 
1 members found this post helpful.
Old 05-19-2011, 01:13 PM   #4
Soji Antony
Member
 
Registered: Jul 2010
Posts: 54

Original Poster
Rep: Reputation: 1
Hi

Thanks for your reply.

Actually, I was trying to write a script which enables normal users to change their route. I wrote a bash script & set SUID, thinking that that script will run with root privilege & users can change their route using following commands.
Code:
route del default 
route add default gw 192.168.0.5
But even though SUID is set, the users get permission denied error. However I managed to solve this problem by calling this bash script from a C compiled program.

Code:
$cat call-script

#include
#include
#include
#include

int main()
{
setuid( 0 );
system( "/path/to/bash-script" );

return 0;
}
Code:
# chmod u+s call-script
Now users can execute ./call-script & can chanage their route with root privilege.
So , I assume that setuid bit is disabled on shell scripts(bash) & can be used only with binary executable. Please correct me If I am wrong ....

Thanks ...

Last edited by Soji Antony; 05-19-2011 at 01:17 PM.
 
Old 05-19-2011, 09:31 PM   #5
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 7,482

Rep: Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377
A couple of things ...

Typical Linux filesystems are a lot more sophisticated than "the handful of attribute bits" might lead you to believe. They often support Access Control Lists (ACLs), and may be capable of doing authentication and authorization in lots of other ways as well. So, yes, it is possible to nullify the effect of the "SetUID" bits.

Linux is fully capable of being "a good corporate citizen" in whatever company (or government) secured network you might be a part of. It maintains "the old Unix ways of doing things" partly just for compatibility and familiarity ... not out of necessity.
 
2 members found this post helpful.
Old 05-20-2011, 02:10 AM   #6
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,254

Rep: Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328
It's true that suid, sgid are not enabled by the kernel for scripting(!) languages; that's not a new thing BTW.
However, if the user can run 'route', it could be set suid if reqd, much like the passwd cmd mentioned.
Usually however, you'd enable just those few users via sudo instead of allowing all users.
 
1 members found this post helpful.
Old 05-20-2011, 08:48 PM   #7
Soji Antony
Member
 
Registered: Jul 2010
Posts: 54

Original Poster
Rep: Reputation: 1
Thank you all for replying to my questions .....

Last edited by Soji Antony; 05-20-2011 at 08:49 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
why use suid guid and stiky bit a.rasheed Linux - Newbie 1 06-25-2010 08:50 PM
Suid & Sguid santanu419 Linux - Server 1 06-03-2008 03:42 PM
Eliminating SUID & SGID? ridertech Linux - Security 4 07-08-2004 06:58 PM
imwheel & suid jspaceman Slackware 1 09-30-2003 07:28 AM
shell variables &suid&sgid alaios Linux - General 6 05-23-2003 05:03 PM


All times are GMT -5. The time now is 01:33 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration