• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 219
  • Last Modified:

setuid and setting date

If I create a program owned by root and set the mode to 4755, does it run as root?

If this program issues a system call to change the date will it work?

Basically I want a user to be able to change the system's date and time without using root's password.
0
mag062397
Asked:
mag062397
1 Solution
 
WimmekeCommented:
Hi mag!

You posted this question in 1998 and noone answered it. I'm not a linux guru, far from, but I just can't resist giving this question a try with my (very) basic knowledge of setuid. Even if it only was to imagine your amazed face if you receive an email about this one :-)

As far as I know, if a file is setuid and the owner is root, then the setuid will also be root. This means it will have the same priveliges as root has. This includes changing the systems date and time.

This is what I learned in theory. However, I wouldn't be Wimmeke if I didn't try this out. I tested this on /usr/bin/slocate owned by root and set the setuid with chmod 4777 (Was 777). When I ran slocate it ran as the other user instead of as root though :-D

So back to theory ... I will make this a quest to get your question answered after 4 years :-)

PS: Aren't you a linux guru now? With all those extra years of experience? If so, maybe you can help me out with my quest yourself :-)

Ciao

Wimmeke
0
 
mag062397Author Commented:
Wow - 4 years.  I completely forgot about this.  

Well, I just picked my brain for about 10 minutes trying to remember why I asked such a seemingly simple question and I now remember.  I should have used the words "hardware clock" instead of "system" date and time.  

Yes, you are correct a simple chmod 4755 works on the /bin/date command; although, I'm not sure it if worked in Redhat's version 4.x (back in 1998).

I justed looked over my notes on this and I realized that I found the source code to the hwclock program and modified it so that it didn't do a uid (user id) check.

The hwclock.c file checks the UID to see if it is 0 (root's UID).  If not it exits with an error.

So, I believe I asked this question before I modified the hwclock.c program and before I fully understood what the exact problem was.

You are correct, however, setting the suid bit will allow you to set the system's date and time; however, it won't be remembered on a reboot unless you also set the hardward clock.  A setuid doesn't work on the hwclock program because it looks at the user's real id.

Well, it'll be good to but this question to bed.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now