Possible to abuse SUID to do something malicious?
 

I was reading up on the SUID bit just there and something came to mind.

On my own laptop, let's say I create a simple script something like:

rm /sbin/ifconfig

I then get a USB stick and format it with ext2 and I copy the script across to the USB stick. Then I do:

sudo chown root:root /mnt/usbstick/my_script
sudo chmod 777 /mnt/usbstick/my_script
such chmod u+s,g+s /mnt/usbstick/my_script

Let's say I bring this USB stick to a computer lab. I mount the USB stick on a workstation computer. Will I be able to run the script? If not, why?

(I'm presuming that the script won't run. The only reason I think it won't run is that it took me only a few seconds to come up with this idea, and I figure the implementors of Linux are smarter than that, but still I'd like to know the exact reason why it won't run)

If the lab workstation mounts the stick OK then you should be able to run the script, apart from the fact that the setuid bit doesn't work for scripts. So an ELF binary should work if the lab workstation mounts the stick OK and without further restrictions like mount flags (nosuid,noexec), GRSecurity (Trusted Path Execution), SE Linux (context=).

I tested this a while ago and discovered setuid bits are ignored if the media was mounted by a user. If root mounted the device, then you might get into trouble.