Setuid question: Basic understanding of setuid/setgid

I found this as a definition of setuid/setgid:
=====================================

SUID and SGID

SUID and SGID programs can be double-edged swords as whoever executes them gets the UID of the program's owner. If the program is owned by root, the user becomes root. They can be used to give a user access to something they would normally need root privilege for without giving them the root password. They can also be a serious security risk.

Shell scripts with SUID and SGID bits are not secure, period. This does not mean they should never be used. Rather this goes back to the larger issue of minimizing risk vs. eliminating it. Risk can be minimized by making sure that programs with SUID and SGID are not world readable. This can prevent people from studying the code, discovering how it works and exploiting its weaknesses.

The following command can be used to check for SUID programs owned by root:

=========================================

Now the question:

If I understand this, if root creates a file and gives you write and execute on it, you could edit the file to make a script to do anything as root?

Sounds ouchy.

What are valid uses of setuid and are there better ways of doing this?

Asked by: bitmechanic
 
brettmjohnson commented:
> So linux will NOT let me do setuid ?

Linux will not let you do setuid *shell scripts*.  You can create setuid compiled programs [and perl scripts???].


> Can I use Sodo [sic] to permit just one script to be run without the user knowing that he is using it (and typing in a second password the user then has to remember)?

Although setuid and sudo both allow a user to run a command posing as another user, there are subtle differences in issues of trust.

In a setuid program, the program's author (or system administrator) trusts that the software will do no harm, even in the hands of an untrusted or possibly malicious user.

In a sudo environment, the system administrator creates a list of trusted users (in /etc/sudoers) and only those trusted users may impersonate other users or run certain commands.  It is not all-or-nothing, you can create classes of sudo users with varying levels of trust/access.   Generally, a password must be provided, but that password is the current user's password [not the impersonated user password].  It is used to authenticate that the logged-in user is actually the one running the command [and not someone who happens to be walking by an unmanned terminal].  The users don't have to remember another password; they are challenged to provide their own password.  There are situations where a password challenge is not issued: 1) the current user is root; 2) the current user and the impersonated user are the same; 3) the current user has already authenticated via sudo in the recent past [ <5 minutes by default].

 
Kent Olsen (Data Warehouse Architect / DBA) commented:
Hi bitmechanic,

To do something as "routine" as change your password, the setuid protocol comes into play.  You can't access the password file as any old user.  :)

And of course, if you're using RCS or CVCS for change management, you need a "higher authority" to own certain entities and control changes.

There are a LOT of legitimate uses.  Unix as we know it just won't run without it.

Good Luck!
Kent
 
sunnycoder commented:
Hi bitmechanic,

>If I understand this if root creates a file and give you write and execute on it, you could edit the file to make a script to
>do anything as root ?  

If SUID has been used, then yes, that's correct ... but when such a situation arises, you would typically have execute-only permissions. Admins won't give you read or write permissions for such files. Typical permissions for such files would be -r-s--x--x

>What are valid uses of setuid
As Kent pointed out, you may need to access/modify some information which is protected e.g. user passwords. No user can be allowed to write to passwords file and yet there is a need to let the users change their passwords. But you can't change a password unless passwords file has been updated.
Way out is to let you execute (execute only ... no r/w) passwd program as root which can then modify the passwords file.

>and are there better ways of doing this ?
There is a program called sudo which permits a user to execute a program as superuser or another user. sudo permits a lot more control over such rights assignments and is supported by detailed logging and mail notifications for unsuccessful attempts. man sudo for more information.

Cheers!
sunnycoder
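
An added example, not part of the original answers: a small C audit that flags setuid/setgid files whose permissions differ from the `-r-s--x--x` pattern mentioned above, and that notes a `#!` script header, since the thread treats setuid scripts as unsafe. The flag names and function names are made up for this illustration.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical finding flags for this example. */
enum { SUID_WRITABLE = 1, SUID_WORLD_READABLE = 2, SUID_SCRIPT = 4 };

/* Classify permission bits. Returns 0 for files without setuid/setgid
 * and for setuid files with tight modes such as 04511 (-r-s--x--x). */
int suid_mode_findings(mode_t mode)
{
    int findings = 0;
    if (!(mode & (S_ISUID | S_ISGID)))
        return 0;
    if (mode & (S_IWGRP | S_IWOTH))   /* group or others may modify the file */
        findings |= SUID_WRITABLE;
    if (mode & S_IROTH)               /* anyone may read the program */
        findings |= SUID_WORLD_READABLE;
    return findings;
}

/* Audit one path: mode findings plus a check for a "#!" script header.
 * Returns -1 if the path cannot be examined or is not a regular file. */
int audit_suid_file(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    int findings = suid_mode_findings(st.st_mode);
    if (st.st_mode & (S_ISUID | S_ISGID)) {
        FILE *f = fopen(path, "rb");  /* may fail on execute-only files */
        if (f) {
            if (fgetc(f) == '#' && fgetc(f) == '!')
                findings |= SUID_SCRIPT;
            fclose(f);
        }
    }
    return findings;
}

int main(int argc, char **argv)
{
    /* Usage: ./audit FILE... ; prints the finding bits for each path. */
    for (int i = 1; i < argc; i++)
        printf("%s: findings=%d\n", argv[i], audit_suid_file(argv[i]));
    return 0;
}
```

Many stock setuid binaries are installed world-readable (mode 4755), so treat `SUID_WORLD_READABLE` as informational and `SUID_WRITABLE` or `SUID_SCRIPT` as the findings to act on.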
 
brettmjohnson commented:
setuid programs are also used to run some complex systems with reduced privileges (rather than elevated privs).   Typical examples are some print services and database services.  Running the software under reduced privileges helps reduce damage to user data or system data from bugs or malicious attacks.

> ... you could edit the file to make a script to do anything as root ?  

There is a philosophy about writing suid root code:  the setuid code should be minimal - consisting of just the code that needs to perform the necessary privileged operations.  Complex code that does not need to be run with escalated privileges should be in a separate program (or program segment). It becomes much easier to audit the smaller code base of the privileged section for correctness.  The last thing you want is to have a stack buffer overflow vulnerability in a setuid root program.

Some systems (Linux, AIX, Mac OS X) do not allow you to create setuid shell scripts because they can be inherently vulnerable:  http://www.softlab.ntua.gr/~taver/security/secur11.html
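
An added example, not part of the original post: one way to apply the "minimal privileged section" idea in C, doing the single privileged step first and then dropping the setuid/setgid identity for good, with a check that the old IDs cannot be taken back. The file path is a placeholder and `drop_privileges` is a name chosen for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up setuid/setgid privileges.
 * Returns 0 on success, -1 if the old IDs could still be restored. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: after the UID change the process may no longer
     * be allowed to change its group IDs. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;

    /* setuid() clears the saved ID only when the effective UID was
     * root, so never assume the drop worked: try to take the old IDs
     * back. If a saved ID survived, these calls succeed and we fail. */
    if (old_egid != rgid && setgid(old_egid) == 0)
        return -1;
    if (old_euid != ruid && setuid(old_euid) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* The only privileged step: open one protected file.
     * Placeholder path, made up for this example. */
    FILE *f = fopen("/etc/example-privileged.conf", "r");

    if (drop_privileges() != 0) {
        fputs("could not drop privileges, aborting\n", stderr);
        if (f) fclose(f);
        return EXIT_FAILURE;
    }

    /* Everything below runs with the invoking user's IDs only;
     * parsing and other complex work belongs here. */
    printf("uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    if (f) fclose(f);
    return EXIT_SUCCESS;
}
```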

 
bitmechanic (author) commented:
So Linux will NOT let me do setuid?

 
bitmechanic (author) commented:
Can I use Sodo to permit just one script to be run without the user knowing that he is using it (and typing in a second password the user then has to remember)?