Solved

Setuid question: Basic understanding of setuid/setgid

Posted on 2006-05-01
Last Modified: 2010-04-15
I found this as a definition of setuid/setgid:
=====================================

SUID and SGID

SUID and SGID programs can be double-edged swords as whoever executes them gets the UID of the program's owner. If the program is owned by root, the user becomes root. They can be used to give a user access to something they would normally need root privilege for without giving them the root password. They can also be a serious security risk.

Shell scripts with SUID and SGID bits are not secure, period. This does not mean they should never be used. Rather this goes back to the larger issue of minimizing risk vs. eliminating it. Risk can be minimized by making sure that programs with SUID and SGID are not world readable. This can prevent people from studying the code, discovering how it works and exploiting its weaknesses.

The following command can be used to check for SUID programs owned by root:

=========================================

Now the question:

If I understand this, if root creates a file and gives you write and execute on it, you could edit the file to make a script to do anything as root?

Sounds ouchy.

What are valid uses of setuid and are there better ways of doing this?

Question by:bitmechanic
6 Comments
 
LVL 46

Assisted Solution

by:Kent Olsen
Kent Olsen earned 400 total points
ID: 16579455
Hi bitmechanic,

To do something as "routine" as change your password, the setuid protocol comes into play.  You can't access the password file as any old user.  :)

And of course, if you're using RCS or CVCS for change management, you need a "higher authority" to own certain entities and control changes.

There are a LOT of legitimate uses.  unix as we know it just won't run without it.




Good Luck!
Kent
0
 
LVL 45

Assisted Solution

by:sunnycoder
sunnycoder earned 400 total points
ID: 16583167
Hi bitmechanic,

>If I understand this if root creates a file and give you write and execute on it, you could edit the file to make a script to
>do anything as root ?  

If SUID has been used, then yes, that's correct ... but when such a situation arises, you would typically have execute-only permissions. Admins won't give you read or write permissions for such files. Typical permissions for such files would be -r-s--x--x

>What are valid uses of setuid
As Kent pointed out, you may need to access/modify some information which is protected, e.g. user passwords. No user can be allowed to write to the passwords file and yet there is a need to let the users change their passwords. But you can't change a password unless the passwords file has been updated.
The way out is to let you execute (execute only ... no r/w) the passwd program as root, which can then modify the passwords file.

>and are there better ways of doing this ?
There is a program called sudo which permits a user to execute a program as superuser or another user. sudo permits a lot more control over such rights assignments and is supported by detailed logging and mail notifications for unsuccessful attempts. man sudo for more information.

Cheers!
sunnycoder
0
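The permission point in the answer above, as an added example that is not part of the original thread: a shell function that lists set-uid and set-gid files under a directory and marks the ones that group or others can write to, which is the situation the question describes. The function name and output format are assumptions; only POSIX `find` primaries are used.

```shell
#!/bin/sh
# Added example: audit set-uid / set-gid files under a directory tree.
# audit_setid DIR [OWNER]
#   Prints one line per set-id regular file: "<STATUS> <path>".
#   STATUS is WRITABLE when group or others may write to the file,
#   otherwise OK. OWNER (optional) limits the report to files owned by
#   that user, for example root.
#   Paths containing newlines are not handled.
# Example call: audit_setid /usr root
audit_setid() {
    dir=$1
    owner=${2:-}
    # Reuse the positional parameters as an optional "-user OWNER" filter.
    if [ -n "$owner" ]; then
        set -- -user "$owner"
    else
        set --
    fi
    # -perm -4000: set-uid bit is set; -perm -2000: set-gid bit is set.
    find "$dir" -xdev -type f "$@" \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        # -perm -0020 / -0002: group-write / other-write bit is set.
        if [ -n "$(find "$f" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]; then
            printf 'WRITABLE %s\n' "$f"
        else
            printf 'OK %s\n' "$f"
        fi
    done
}
```

A file with the mode quoted in the answer (`-r-s--x--x`, octal 4511) is reported as OK; any WRITABLE line is a file whose contents can be changed by someone other than its owner.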
 
LVL 23

Assisted Solution

by:brettmjohnson
brettmjohnson earned 1200 total points
ID: 16583311
setuid programs are also used to run some complex systems with reduced privileges (rather than elevated privs).   Typical examples are some print services and database services.  Running the software under reduced privileges helps reduce damage to user data or system data from bugs or malicious attacks.

> ... you could edit the file to make a script to do anything as root ?  

There is a philosophy about writing suid root code:  the setuid code should be minimal - consisting of just the code that needs to perform the necessary privileged operations.  Complex code that does not need to be run with escalated privileges should be in a separate program (or program segment). It becomes much easier to audit the smaller code base of the privileged section for correctness.  The last thing you want is to have a stack buffer overflow vulnerability in a setuid root program.

Some systems (Linux, AIX, Mac OS X) do not allow you to create setuid shell scripts because they can be inherently vulnerable:  http://www.softlab.ntua.gr/~taver/security/secur11.html

0

 

Author Comment

by:bitmechanic
ID: 16584294
So Linux will NOT let me do setuid?

0
 

Author Comment

by:bitmechanic
ID: 16585531

Can I use Sodo to permit just one script to be run without the user knowing that he is using it (and typing in a second password the user then has to remember)?
0
 
LVL 23

Accepted Solution

by:
brettmjohnson earned 1200 total points
ID: 16587886
> So linux will NOT let me do setuid ?

Linux will not let you do setuid *shell scripts*.  You can create setuid compiled programs [and perl scripts???].


> Can I use Sodo [sic] to permit just one script to be run without the user knowing that he is using it (and typing in a second password the user then has to remember)?

Although setuid and sudo both allow a user to run a command posing as another user, there are subtle differences in issues of trust.

In a setuid program, the program's author (or system administrator) trusts that the software will do no harm, even in the hands of an untrusted or possibly malicious user.

In a sudo environment, the system administrator creates a list of trusted users (in /etc/sudoers) and only those trusted users may impersonate other users or run certain commands.  It is not all-or-nothing, you can create classes of sudo users with varying levels of trust/access.   Generally, a password must be provided, but that password is the current user's password [not the impersonated user password].  It is used to authenticate that the logged-in user is actually the one running the command [and not someone who happens to be walking by an unmanned terminal].  The users don't have to remember another password; they are challenged to provide their own password.  There are situations where a password challenge is not issued: 1) the current user is root; 2) the current user and the impersonated user are the same; 3) the current user has already authenticated via sudo in the recent past [ <5 minutes by default].

0
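The single-script sudo setup discussed in this thread, as an added example that is not part of the original answers: a shell function that prints a sudoers rule for one user and one script, and refuses when the script or its directory could be modified by someone other than the owner. The user name, script path and function name are hypothetical; `NOPASSWD:` is the sudoers tag that suppresses the password challenge.

```shell
#!/bin/sh
# Added example, not from the thread. Names and paths are hypothetical.
# sudoers_rule USER SCRIPT [OWNER] [nopasswd]
#   Prints a sudoers line letting USER run SCRIPT as root, but only if
#   SCRIPT and its directory belong to OWNER (default: root) and are not
#   writable by group or others. Returns 1 with a reason otherwise.
sudoers_rule() {
    user=$1
    script=$2
    owner=${3:-root}
    tag=
    if [ "${4:-}" = nopasswd ]; then
        tag='NOPASSWD: '      # sudoers tag: skip the password challenge
    fi
    case $script in
        /*) ;;
        *) echo "refused: path must be absolute" >&2; return 1 ;;
    esac
    case $script in
        *[!A-Za-z0-9_./-]*)
            echo "refused: path needs sudoers escaping" >&2; return 1 ;;
    esac
    # Regular file (not a symlink), owned by OWNER, no group/other write.
    if [ -z "$(find "$script" -prune -type f -user "$owner" \
            ! -perm -0020 ! -perm -0002 -print 2>/dev/null)" ]; then
        echo "refused: $script is missing, not owned by $owner, or writable by others" >&2
        return 1
    fi
    # Same test for the parent directory: whoever can write there can
    # replace the script. Directories further up are not checked here.
    dir=$(dirname "$script")
    if [ -z "$(find "$dir" -prune -type d -user "$owner" \
            ! -perm -0020 ! -perm -0002 -print 2>/dev/null)" ]; then
        echo "refused: $dir is not owned by $owner or is writable by others" >&2
        return 1
    fi
    printf '%s ALL=(root) %s%s\n' "$user" "$tag" "$script"
}
```

The printed line belongs in a sudoers file edited with `visudo`, which checks the syntax before the rule takes effect.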
