Strange set-uid behaviour...

Post by Lars Joergen A » Tue, 05 Oct 1993 05:50:53

  This is very strange indeed:

We are 2 friends who cooperate a lot on schoolwork etc., so we wanted to
have better access to each other's files.  We have a group for ourselves,
and we both did this:

cp /usr/local/bin/bash ~/bin
chgrp src ~/bin/bash
chmod 4750 ~/bin/bash

After that, we both had a set-uid shell in our directories which only the
2 of us could run...  So to try it out I ran bash from his bin-dir, and he
ran bash from my bin-dir...  When I typed "id" I got this output:

uid=1401(me) gid=218(src) euid=1433(him)

So what could I do?
  1. I could read all his files.
  2. I could create new files (even if gid(src) hadn't write-access).
  3. I could delete files.
and what couldn't I do?
  1. I could not create directories.
  2. I could not remove directories.

This I think is very strange, and another thing even more strange is that
he could create directories in my account when he ran the bash that
was setuid me...  But after some days he couldn't make directories anymore...

Does anyone have a clue why I couldn't create directories on his account?
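
The `id` line in the post above shows the real uid (1401) and the effective uid (1433) differing. As an added example, not part of the original post: access(2) judges permission with the real IDs, while open(2) and mkdir(2) use the effective IDs, so a tool that pre-checks with access() can refuse an operation the kernel would allow. The names `probe_dir` and `struct probe` are made up for this example, and the page does not establish that this is what happened on the poster's system.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper type for this example. */
struct probe {
    uid_t ruid, euid;  /* real and effective user IDs */
    int access_ok;     /* access(W_OK|X_OK): judged with the REAL uid/gid */
    int create_ok;     /* open(O_CREAT): judged with the EFFECTIVE uid/gid */
    int mkdir_ok;      /* mkdir(2): judged with the EFFECTIVE uid/gid */
};

/* Probe what the current process may do in `dir`. Anything created is
 * removed again. Returns 0 on success, -1 if the path is too long. */
int probe_dir(const char *dir, struct probe *p)
{
    char file[4096], sub[4096];
    long pid = (long)getpid();

    if (snprintf(file, sizeof file, "%s/probe.%ld", dir, pid) >= (int)sizeof file ||
        snprintf(sub, sizeof sub, "%s/probe.d.%ld", dir, pid) >= (int)sizeof sub)
        return -1;

    p->ruid = getuid();
    p->euid = geteuid();
    p->access_ok = (access(dir, W_OK | X_OK) == 0);

    int fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600);
    p->create_ok = (fd >= 0);
    if (fd >= 0) { close(fd); unlink(file); }

    p->mkdir_ok = (mkdir(sub, 0700) == 0);
    if (p->mkdir_ok) rmdir(sub);
    return 0;
}

int main(int argc, char **argv)
{
    struct probe p;
    if (probe_dir(argc > 1 ? argv[1] : ".", &p) != 0) return 1;
    /* When ruid != euid, access= can be 0 while create= and mkdir= are 1. */
    printf("uid=%ld euid=%ld access=%d create=%d mkdir=%d\n",
           (long)p.ruid, (long)p.euid, p.access_ok, p.create_ok, p.mkdir_ok);
    return 0;
}
```

Run without set-uid, the three results agree; they can diverge only when the real and effective IDs differ, as in the `id` output quoted in the post.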




1. PPPD on Redhat requires set-uid root

I have a problem with pppd on a linux redhat 5.2 release.

If I want remote users to be able to log in, I need to chmod +s
/usr/sbin/pppd. If I don't do that, the user gets an error message saying

Must be root to run /usr/sbin/pppd, since it is not setuid-root

You will find hereafter the permissions on all the pppd files.
Basically, I would like all the users belonging to pppusers to be able
to use pppd.

Moreover, I wish to set up a callback --> User logs in and pppd calls
back to a preset phone number.

crw-------   1 root     uucp       5,  64 mai  5  1998 /dev/cua0

lrwxrwxrwx   1 root     root        9 mar 25 14:17 /dev/modem ->

-rwxr-xr-x   1 root     root       106876 jun  8  1998 /usr/sbin/pppd

drwxr-xr-x   2 root     root         1024 mai 25 16:33 .
drwxr-xr-x  22 root     root         2048 mai 28 13:41 ..
-rw-------   1 root     daemon         78 jun  8  1998 chap-secrets
-rwxr-xr-x   1 root     root          265 oct 15  1998 ip-down
-rwxr-xr-x   1 root     root          349 oct 15  1998 ip-up
-rw-r--r--   1 root     daemon         61 mar 26 11:04 options
-rw-r--r--   1 root     root           28 mar 26 11:11 options.ttyS0
-rw-------   1 root     daemon         77 mar 18 13:57 pap-secrets
-rwxr-xr-x   1 root     root         1884 mar 26 11:43 ppplogin
