bash won't permit setuid to root in its scripts, for security reasons.
linuxquestions user blackhole54 has expanded on this in another thread:
Quote:
Running a script setuid root is considered a security risk because of the way the environment can change behavior.
...
A way that will work and is safe if you are careful, is to write a real short C program that calls the script with a nearly null environment whose contents are carefully controlled by the C program, and then set the C program's binary to setuid root. For security, the script should be called with its full path, should be writable only by root and should be in a directory that is writable only by root. I learned this technique from usernetctl which is used to allow a normal user to run ifup and ifdown scripts as root. This program also does some other checks to make sure non-root users can't alter the scripts.
Check if the filesystem on which the file resides has the nosuid option. This is a nice quick way to see the settings for the filesystem on which the current working directory is mounted:
The options are a list in (parentheses) at the end of the line.
Also check that the type of filesystem can actually have permissions set. I would guess (not 100% sure about this) that FAT partitions can't, and perhaps some others too.
The FS and permissions look OK. (Did you know ping requires setuid?) The problem seems to be bash. I even tried ash, but no luck. Maybe I do have to write a C program.
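The wrapper described in the quoted post, sketched as an added example (not code from this thread and not usernetctl's source). The script path is a hypothetical placeholder, and the `setgid(0)`/`setuid(0)` step is an addition made here: bash resets its effective uid to the real uid when the two differ, so the wrapper sets both to 0 before the exec.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical placeholder path; substitute the script you want to run. */
#define SCRIPT "/usr/local/sbin/example-task.sh"

/* 0 if path is no symlink, owned by `owner`, not group/other writable. */
int owner_only_writable(const char *path, uid_t owner)
{
    struct stat st;
    if (lstat(path, &st) != 0 || S_ISLNK(st.st_mode)) return -1;
    if (st.st_uid != owner) return -1;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) ? -1 : 0;
}

/* 0 if `script` is an absolute path to a regular file and both the file
 * and its immediate directory pass owner_only_writable(). */
int check_target(const char *script, uid_t owner)
{
    char dir[PATH_MAX];
    struct stat st;
    const char *slash = strrchr(script, '/');
    if (script[0] != '/' || strlen(script) >= sizeof dir) return -1;
    size_t n = (slash == script) ? 1 : (size_t)(slash - script);
    memcpy(dir, script, n);
    dir[n] = '\0';
    if (lstat(script, &st) != 0 || !S_ISREG(st.st_mode)) return -1;
    if (owner_only_writable(script, owner) != 0) return -1;
    return owner_only_writable(dir, owner);
}

int main(void)
{
    /* envp below is the entire environment the script will see. */
    char *const envp[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    char *const argv[] = { SCRIPT, NULL };
    if (check_target(SCRIPT, 0) != 0) {
        fprintf(stderr, "refusing to run %s: failed ownership check\n", SCRIPT);
        return 1;
    }
    /* bash drops euid to the real uid when they differ, so set both to 0. */
    if (setgid(0) != 0 || setuid(0) != 0) { perror("setuid"); return 1; }
    execve(SCRIPT, argv, envp);
    perror("execve");
    return 1;
}
```

The compiled binary has to be owned by root with the setuid bit set (mode 4755) and live on a filesystem that is not mounted `nosuid`. Only the script's immediate directory is checked, matching the advice in the quoted post.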