What is really SUID?
Hi Everybody
I've some issue with SUID. Until now, i thought i'm comfortable with the understanding of SUID/SGID/Sticky Bit. Infact, i have explained (theoretically) so many people about them - How to set/check SUID/SGID/Sticky. I've always explained SUID as "The Set-User-ID bit is used to execute a file with its owner permissions, not with the user-who-launch-the-executable permissions as it is with classic permissions set." ...and gave example of /usr/bin/passwd file. I've applied Sticky bit many a times since from time to time I've to create a shared folder for some project or other. But i've never used SUID/SGID. But today, one of my colleague asked me to explain SUID (practically), and boy it was a spectacular fail. Hmmm i thought i knew it. Anyway, following are the steps i tried to explain him about SUID, similar to passwd/shadow example. The idea is to create a text file as root which has no permissions, and hence cannot be read/written to from regular users. And then, create a script as root, which can edit that text file. Give that script SUID permission, so that regular users can write to the text file through script only and hence they cannot read/write to text file directly. Following steps should be self explanatory: 1. As root, create text & script file, give permissions and add some data: Code:
# touch /etc/mydata.txt Code:
# su - dummy Did i get the whole concept of SUID wrong, or is it just applied to built-in binaries only and not to user-made scripts. Any light on this will be much appreciated. Thanks |
addit is a shell script, not a binary. The real running binary is /bin/bash, that will interpret and execute your script line by line.
Therefore you ought to set sticky bit on the interpreter, not on the script. I suggest you to copy bash to your home and use that one instead of the original (that one must not be altered). |
Quote:
Since the assumption is 'addit' to be portable app, so instead of copying /bin/bash to user's directory, i converted addit script to binary. Code:
# mv /bin/addit ~/addit.sh |
I reproduced the problem. Even the SUIDed bash copy thing. Then I wrote a helloworld in C++.
Code:
#include <fstream> Touch file "file" with no write rights. Execute helloworld as regular user and cat "file". It works just fine so I conclude this is an issue of "in the name of who bash handles filedescriptors when pipelining". |
Quote:
|
Quote:
Quote:
Code:
$ which addit |
As you are also aware of script files dont honor the suid bit thus you converted the bash script into an executable but maybe that still is the problem. I don't know how the internal works but maybe try to set bash suid to. And then run the addit again.
|
@zhjim
Gave SUID to /bin/bash, also ran /bin/bash directly.... Still no luck. Code:
# chmod u+s /bin/bash Next Step, i'll try to build RPM from script, then install that RPM package and then i'll try again. I'll see what happens. (But before that, i've to learn how to build rpm packages first...:p) |
As I told you do not modify /bin/bash it will/may have unpredictable result. If you want to play with it just make a copy and use that one.
|
Quote:
Code:
$ ls -l /home/dummy/bash |
Could try with chowing to root and chmodding to 700. I had the case where I wanted to delete a directory for which I did not have write permission as a normal user. Also root may go well with what ever permission is set maybe suid works a bit different under the hood.
|
It really depends on what you are trying to do.
There are two identifications involved: the real uid (the original), and the effective uid. All the setuid flag does is change the effective uid to the owner of the binary. For many things (such as file access controls) this is more than sufficient. SOME things do check the real UID as well. Those activities tend to want to verify that it really really is root doing something - so they check the real uid - which isn't root. The easiest way a program can determine if it is running setuid is to check that the real UID and effective UID are the same. For a user process, both of these are the same. For a root process they are also the same, but both are root. The advantage of having the effective UID and real UID separate is that it allows a setuid program to drop privileges (file access) very easily - just set the effective UID to the real UID. The process is no longer privileged. It also partitions roots privileges - setuid can give processes file control access, but not device control. In UNIX systems this was more distinctly separated, but in Linux nearly any kernel control is available through a filesystem access (either sys, proc, devfs...) so that partitioning is much weaker in Linux. |
@jpollard
What i understand from you is that if only real/effective uid are same(root in this case), addit will be able to edit text file. Since uid of addit script will be Real=dummy, Effective=root and so addit cannot write to mydata.txt file which has no permission (or just root permission). Now, the question is how to set real and effective uid to script? man search gave these results: Code:
# man -k set.*uid |
You are right that SUID/SGID on the file containing a script does not work. It has been disabled for a long time now due to many security issues. SUID/SGID should work on a compiled program, but make sure that the file system where you are doing these experiments has not been mounted with the "nosuid" option. You could still set the SUID permission bits there, but they would be ignored.
|
That cleared my problem. Thanks everybody.
|
All times are GMT -5. The time now is 03:24 PM. |