LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 12-18-2008, 12:12 PM   #1
Tomás Ó hÉilidhe
LQ Newbie
 
Registered: Feb 2008
Location: Southeast Asia (sunny!)
Distribution: Xubuntu
Posts: 28

Rep: Reputation: 15
Possible to abuse SUID to do something malicious?


I was reading up on the SUID bit just there and something came to mind.

On my own laptop, let's say I create a simple script something like:

rm /sbin/ifconfig

I then get a USB stick and format it with ext2 and I copy the script across to the USB stick. Then I do:

sudo chown root:root /mnt/usbstick/my_script
sudo chmod 777 /mnt/usbstick/my_script
such chmod u+s,g+s /mnt/usbstick/my_script

Let's say I bring this USB stick to a computer lab. I mount the USB stick on a workstation computer. Will I be able to run the script? If not, why?

(I'm presuming that the script won't run. The only reason I think it won't run is that it took me only a few seconds to come up with this idea, and I figure the implementors of Linux are smarter than that, but still I'd like to know the exact reason why it won't run)
 
Old 12-18-2008, 12:46 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
If the lab workstation mounts the stick OK then you should be able to run the script, apart from the fact that the setuid bit doesn't work for scripts. So an ELF binary should work if the lab workstation mounts the stick OK and without further restrictions like mount flags (nosuid,noexec), GRSecurity (Trusted Path Execution), SE Linux (context=).
 
Old 12-18-2008, 02:39 PM   #3
nflenz
Member
 
Registered: Feb 2006
Distribution: CRUX 2.4
Posts: 96

Rep: Reputation: 18
I tested this a while ago and discovered setuid bits are ignored if the media was mounted by a user. If root mounted the device, then you might get into trouble.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Is this JavaScript malicious? Doctorzongo Programming 6 07-21-2008 03:42 PM
Malicious Script jspsandhu Linux - General 12 09-29-2005 05:05 PM
SUID file drops suid bit on append? c_coder Programming 1 03-12-2004 07:59 AM
Malicious C code protection gdboling Programming 4 09-02-2003 06:14 PM
Protecting against malicious PHP paranoid Linux - Security 0 03-14-2003 09:32 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 07:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration