LinuxQuestions.org
Old 02-09-2007, 01:44 PM   #1
ahz10
Member
 
Registered: Apr 2005
Distribution: Fedora,Trustix,FreeBSD
Posts: 62

Rep: Reputation: 15
setuid not working?


As root, I create a file /tmp/test containing
Code:
#!/bin/bash
id -u
id
Then I run

Code:
chmod 4755 /tmp/test
But when I run /tmp/test as non-root, the id is 501 (instead of 0)! It seems I can change to the group root, but I really need the user root.

The system is Trustix 2.2 (Linux 2.4.33) and the file system is reiserfs.
 
Old 02-09-2007, 02:04 PM   #2
wjevans_7d1@yahoo.co
Member
 
Registered: Jun 2006
Location: Mariposa
Distribution: Slackware 9.1
Posts: 938

Rep: Reputation: 31
bash won't permit setuid to root in its scripts, for security reasons.

linuxquestions user blackhole54 has expanded on this in another thread:

Quote:
Running a script setuid root is considered a security risk because of the way the environment can change behavior.

...

A way that will work and is safe if you are careful, is to write a real short C program that calls the script with a nearly null environment whose contents are carefully controlled by the C program, and then set the C program's binary to setuid root. For security, the script should be called with its full path, should be writable only by root and should be in a directory that is writable only by root. I learned this technique from usernetctl which is used to allow a normal user to run ifup and ifdown scripts as root. This program also does some other checks to make sure non-root users can't alter the scripts.
Hope this helps.
 
Old 02-09-2007, 02:07 PM   #3
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 65
Check if the filesystem on which the file resides has the nosuid option. This is a nice quick way to see the settings for the filesystem on which the current working directory is mounted:
Code:
mount |grep "on $(df -k . |tail -n 1 |awk '{ print $NF }') "
The options are a list in (parenthesis) at the end of the line.

Also check the type of filesystem can actually have permissions set. I would guess (not 100% sure about this) that FAT partitions can't, and perhaps some others too.
 
Old 02-09-2007, 02:12 PM   #4
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 65
Quote:
Originally Posted by wjevans_7d1@yahoo.co
bash won't permit setuid to root in its scripts, for security reasons.

Hope this helps.
I did not know that. Good to learn a new thing each day.

Where is this implemented - is it part of bash?
 
Old 02-09-2007, 02:15 PM   #5
wjevans_7d1@yahoo.co
Member
 
Registered: Jun 2006
Location: Mariposa
Distribution: Slackware 9.1
Posts: 938

Rep: Reputation: 31
Yes, that security feature is a part of bash itself. It wasn't always that way.
 
Old 02-09-2007, 02:17 PM   #6
ahz10
Member
 
Registered: Apr 2005
Distribution: Fedora,Trustix,FreeBSD
Posts: 62

Original Poster
Rep: Reputation: 15
The FS and permissions look OK. (Did you know ping requires setuid?) The problem seems to be bash. I even tried ash, but no luck. Maybe I do have to write a C program.
 
Old 02-09-2007, 04:17 PM   #7
ahz10
Member
 
Registered: Apr 2005
Distribution: Fedora,Trustix,FreeBSD
Posts: 62

Original Poster
Rep: Reputation: 15
So, how do I write this C program? In the end, I need to run a Bash script, but as it is, the script still runs as uid 501.

Code:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <errno.h>

int main(void)
{
        int rc;

        /* With mode 4755 on this binary, prints 0 even when started by uid 501 */
        printf("geteuid()= %i\n", geteuid());

        /* bash resets its effective uid to the real uid (501 here) when the
           two differ, so the script still runs as 501 */
        system("/bin/bash /tmp/test");

        /* argv[0] is the shell's own name; the script path goes in argv[1].
           execl only returns if the exec failed. */
        rc = execl("/bin/bash", "bash", "/tmp/test", (char *)0);
        printf("exec rc = %i\n", rc);
        if (-1 == rc)
        {
                perror("reload_firewall: ");
        }
        return 1;
}
 
Old 02-09-2007, 04:32 PM   #8
ahz10
Member
 
Registered: Apr 2005
Distribution: Fedora,Trustix,FreeBSD
Posts: 62

Original Poster
Rep: Reputation: 15
I think I got it now. Using visudo, I create a /etc/sudoers entry:

Code:
ALL ALL=NOPASSWD: /usr/local/bin/reload_firewall2
Then, the reload_firewall2 can run a C program like

Code:
system("/root/scripts/reload_firewall");
Now, I can control my firewall from a different computer through a PHP web script. Nice.
 
All times are GMT -5.