setuid-root ? basic questions

Post by peter pils » Mon, 03 Apr 2000 05:00:00



when debugging a printing problem (a user cannot lprm) I ran into basic
trouble understanding setuid-root. I couldn't clear my mind with man
chmod.

assume a file like:

-rwsr-sr-x   1 root     users          95 Apr  2 15:00 testscript

what does it exactly mean?

when ANY user executes this file, is it run as root?
or:
only a user = root or a user in users can start it so that it runs as root,
and other users can only run it 'normally'?

in the first case, which makes more sense to me, why is there a per-user
setuid and a per-group setuid?

anyway: on my system neither the first nor the second seems to work.
testscript should delete a file that is owned by root (just for
testing purposes only!!)

#!/bin/bash
rm -f /tmp/test

where
-rw-r--r--   1 root     root          95 Apr  2 15:00 test

I run this script as root and the file gets deleted. I run the file as a
user (group membership users or not) and I get a permission error!

Is it possible that setuid is permitted on my system? (it's based on
redhat5.2 but with a new kernel)

thanks,
peter

--

goldfisch.at.at


setuid-root ? basic questions

Post by Dances With Cro » Mon, 03 Apr 2000 05:00:00


On Sun, 02 Apr 2000 13:17:55 GMT, peter pilsl


>when debugging a printing problem (user cannot lprm) I ran into basic
>troubles in understanding setuid-root. I couldnt clear my mind in man
>chmod.
>-rwsr-sr-x   1 root     users          95 Apr  2 15:00 testscript
>when ANY user execute this file it is run as root ?

Yes.

>in the first case, which makes more sense to me, why is there a per-user
>setuid and a per-group setuid?

Security reasons, basically.  If you have this:
-rwxr-sr-x  1  root  uucp    /usr/bin/crud
-rw-rw----  1  root  uucp    /dev/ttyS0

then the SGID bit on the program allows it to be owned by root and run as
group "uucp", so the program can directly access the serial port without
having full root privileges.

>I run this script as root and the file gets deleted. I run the file as a
>user (group membership users or not) and I get a permission error!

SUID shell scripts are not allowed.  Ever.  Too many security holes.

--
Matt G / Dances With Crows              \###| Programmers are playwrights
There is no Darkness in Eternity         \##| Computers are lousy actors
But only Light too dim for us to see      \#| Lusers are vicious drama critics
(Unless, of course, you're working with NT)\| BOFHen burn down theatres.


setuid-root ? basic questions

Post by M. Buchenried » Mon, 03 Apr 2000 05:00:00



>when debugging a printing problem (a user cannot lprm) I ran into basic
>trouble understanding setuid-root. I couldn't clear my mind with man
>chmod.
>assume a file like:
>-rwsr-sr-x   1 root     users          95 Apr  2 15:00 testscript
>what does it exactly mean?

If the file is a script, which the filename seems to indicate,
nothing. The kernel is set up to ignore the setUID bit for shell
scripts, unless you're using something like sperl. SetUID scripts
are a huge security risk.

[...]

>Is it possible that setuid is permitted on my system? (it's based on
>redhat5.2 but with a new kernel)

[...]

Don't use a setUID script. Use "sudo" instead.

Michael
--

          Lumber Cartel Unit #456 (TINLC) & Official Netscum
    Note: If you want me to send you email, don't munge your address.
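The three posts above make one point between them: the set-id bits on a #! script do nothing, because the kernel computes the new credentials from the file it finally executes, the interpreter named on the #! line (/bin/bash here), not from the script; the same bits on a compiled binary do take effect, and the SGID-only layout in the uucp example gives the program the group's access without root. The program below is an added example, not code from the thread: a compiled stand-in for the poster's "testscript" that prints the real and effective ids, performs the one privileged action on the thread's fixed path /tmp/test, then drops privileges permanently and proves the drop worked. The file name setid_demo and the 4755 install step are assumptions for the experiment; the behaviour of setreuid/setregid on the saved set-id described in the comments is Linux behaviour.

```c
/* setid_demo.c: an added example, not code from the thread. A compiled
 * stand-in for the poster's "testscript": the kernel honours set-id bits on
 * this binary, never on a #! script, because for a script the credentials are
 * taken from the interpreter (/bin/bash), which is not set-id.
 * Build:   cc -Wall -O2 -o setid_demo setid_demo.c
 * Install for the experiment only (as root):
 *          chown root:root setid_demo && chmod 4755 setid_demo
 * Then run it as an ordinary user and compare with the script's permission error.
 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

struct ids { uid_t ruid, euid; gid_t rgid, egid; };

/* Real ids: who ran it. Effective ids: what the kernel checks permissions
 * against; these are what the set-id bits change. */
static struct ids current_ids(void) {
    struct ids c = { getuid(), geteuid(), getgid(), getegid() };
    return c;
}

/* 1 when a set-id bit actually took effect (effective != real). For the
 * thread's script this is always 0. For the root:uucp 2755 example it is 1
 * with euid == ruid and egid == uucp: group access only, no root. */
static int set_id_took_effect(const struct ids *c) {
    return c->euid != c->ruid || c->egid != c->rgid;
}

/* Permanent drop back to the caller's real ids. Group first: once the uid is
 * no longer privileged, changing the gid may be refused. On Linux, setreuid/
 * setregid with the real id passed explicitly also overwrite the saved set-id,
 * so the old ids cannot be regained; the check at the end proves that. */
static int drop_privileges_permanently(void) {
    struct ids before = current_ids();
    if (setregid(before.rgid, before.rgid) != 0) return -1;
    if (setreuid(before.ruid, before.ruid) != 0) return -1;
    if (geteuid() != before.ruid || getegid() != before.rgid) { errno = EPERM; return -1; }
    /* Regaining the old ids must now fail; if it succeeds the drop was not permanent. */
    if (before.euid != before.ruid && seteuid(before.euid) == 0) { errno = EPERM; return -1; }
    if (before.egid != before.rgid && setegid(before.egid) == 0) { errno = EPERM; return -1; }
    return 0;
}

/* The one privileged action, with a fixed path: nothing from argv or the
 * environment reaches it, which is what makes a tiny set-id wrapper safer
 * than handing a user rm. Returns 0 if the file is gone (or already absent). */
static int remove_fixed_path(const char *path) {
    if (unlink(path) != 0 && errno != ENOENT) return -1;
    return 0;
}

int main(void) {
    struct ids c = current_ids();
    printf("ruid=%u euid=%u rgid=%u egid=%u\n",
           (unsigned)c.ruid, (unsigned)c.euid, (unsigned)c.rgid, (unsigned)c.egid);
    if (!set_id_took_effect(&c))
        fprintf(stderr, "set-id bits not in effect (script, nosuid mount, or run by the owner)\n");
    int rc = remove_fixed_path("/tmp/test");   /* the path from the thread */
    int saved_errno = errno;
    if (drop_privileges_permanently() != 0) { perror("drop_privileges"); return 2; }
    if (rc != 0) { errno = saved_errno; perror("unlink /tmp/test"); return 1; }
    puts("/tmp/test removed; privileges dropped");
    return 0;
}
```

Run as root, ruid and euid both print 0 and the file goes away, exactly as the poster saw with the script. Installed 4755 root:root and run by an ordinary user, euid prints 0 while ruid is the user's, and the unlink succeeds; the same user running the 4755 script instead sees euid equal to ruid, which is the permission error in the first post. The sudo alternative from the third post needs no compiled code at all: a sudoers line such as `peter ALL = (root) NOPASSWD: /bin/rm -f /tmp/test` (user name assumed) grants exactly that one command and logs every use.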


Security holes in VGA setuid-root utils

My site was broken into a few months ago using one of the VGA utilities in
/usr/bin that was setuid-root.  It has a hole which allows any file
(/etc/passwd in my case) to be overwritten.  I have since then removed the
setuid bit from it and other programs.

I would recommend against having these VGA utilities setuid-root.  In fact,
I set mine to be runnable by no one EXCEPT root.  Someone could break in
from offsite and tweak your VGA settings, preventing you from seeing what's
being done!  Has anyone else had experience with this hole?

Josh

--
JoSH Lehan   printf("\x1B[1;35m\x1F\x1B[0m");   "Look to the future!"   ^^^ Try Linux instead.
