SetUID question


Post by Vishal C. Thakk » Fri, 13 Jun 1997 04:00:00



I have a script, say,
and it contains:

#Script A
sh

Let's call it A. If I set the uid bit and gid bit and I make it executable
by world, i.e.
-rwsrwsrwx
and somebody runs the script,
as a result, the executor will get a sh prompt.
If he does whoami, he does not get my username but his. Why?
--
__________________________________________________________________________
Vishal C. Thakkar                               4632, South Hagadorn Road,
Graduate Student,                             Twyckingham Apts, Apt # C28,
Dept. of Electrical Engineering,                   East Lansing, MI 48823.
Michigan State University.                         Phone # (517) 332 8616.


__________________________________________________________________________

 
 
 


Post by Herve Couppe de Lahongrais - CD » Fri, 13 Jun 1997 04:00:00



> I have a script, say,
> and it contains:

> #Script A
> sh

> Let's call it A. If I set the uid bit and gid bit and I make it executable
> by world, i.e.
> -rwsrwsrwx
> and somebody runs the script,
> as a result, the executor will get a sh prompt.
> If he does whoami, he does not get my username but his. Why?

Because setting SUID bit on a shell-script *HAS NO EFFECT* on almost all
Unix systems, if not all.

Taken from man exec :

   Note that the set-user-ID and set-group-ID functions do not apply to
   scripts; thus, if execlp() or execvp() executes a script, the set-user-ID
   and set-group-ID bits are ignored, even if they are set.

STANDARDS CONFORMANCE
   execlp(): AES, SVID2, SVID3, XPG2, XPG3, XPG4, FIPS 151-2, POSIX.1

--
Herve Couppe de Lahongrais (SEU)       | Eurocontrol Experimental Centre


 
 
 


Post by Francois Deryc » Fri, 13 Jun 1997 04:00:00




> > I have a script, say,
> > and it contains:

> > #Script A
> > sh

> > Let's call it A. If I set the uid bit and gid bit and I make it executable
> > by world, i.e.
> > -rwsrwsrwx
> > and somebody runs the script,
> > as a result, the executor will get a sh prompt.
> > If he does whoami, he does not get my username but his. Why?

> Because setting SUID bit on a shell-script *HAS NO EFFECT* on almost all
> Unix systems, if not all.

> Taken from man exec :

>    Note that the set-user-ID and set-group-ID functions do not apply to
>    scripts; thus, if execlp() or execvp() executes a script, the set-user-ID
>    and set-group-ID bits are ignored, even if they are set.

> STANDARDS CONFORMANCE
>    execlp(): AES, SVID2, SVID3, XPG2, XPG3, XPG4, FIPS 151-2, POSIX.1

> --
> Herve Couppe de Lahongrais (SEU)       | Eurocontrol Experimental Centre


So, is it possible to have the desired effect using a system() call from
a C program which is SUID and GUID ?

--

        (o o)                  http://www.tele.ucl.ac.be/PEOPLE/fd.html
-----oOO-(_)-OOo-------------------------------------------------------
Ir. François Deryck - Research Assistant       Phone : +32 10 47 80 71
UCL - Université Catholique de Louvain                +32 10 47 23 00
Communications and Remote Sensing Laboratory    Fax   : +32 10 47 20 89
-----------------------------------------------------------------------

 
 
 


Post by Herve Couppe de Lahongrais - CD » Fri, 13 Jun 1997 04:00:00





> > > I have a script, say,
> > > and it contains:

> > > #Script A
> > > sh

> > > Let's call it A. If I set the uid bit and gid bit and I make it executable
> > > by world, i.e.
> > > -rwsrwsrwx
> > > and somebody runs the script,
> > > as a result, the executor will get a sh prompt.
> > > If he does whoami, he does not get my username but his. Why?

> > Because setting SUID bit on a shell-script *HAS NO EFFECT* on almost all
> > Unix systems, if not all.

> So, is it possible to have the desired effect using a system() call from
> a C program which is SUID and GUID ?

Yes, it is possible. Example :

1) Edit and compile the following file foo.c

#include <stdlib.h>

int main(int argc, char *argv[])
{
        return system("my_whoami");
}

2) Set the SUID bit on the executable foo

fred> chmod u+s foo

3) Edit the script my_whoami

#!/bin/sh
whoami

4) Set the exec bit on the script my_whoami

fred> chmod a+x my_whoami

5) Run foo as user fred : it prints "fred"

6) Run foo as another user : it also prints "fred"

--
Herve Couppe de Lahongrais (SEU)       | Eurocontrol Experimental Centre

 
 
 


Post by Andreas Schw » Sat, 14 Jun 1997 04:00:00



|>> So, is it possible to have the desired effect using a system() call from
|>> a C program which is SUID and GUID ?

|> Yes, it is possible.

No, not with modern shells.  They'll drop the privileges unless called
with -p, which is impossible with system().  You'll have to use execve(2)
directly.

--
Andreas Schwab                                      "And now for something
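
Added example, not written by any poster in this thread: a sketch of the execve(2) approach the last reply points to, where a set-user-ID program starts a helper by absolute path with a fixed environment instead of going through system(), which hands the string to a shell and inherits the caller's PATH. The names run_fixed and clean_env are hypothetical, and /usr/bin/id is an assumed path.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed minimal environment: nothing is inherited from the caller,
 * so PATH, IFS, LD_* and similar variables cannot be supplied by the user. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };

/* Fork, execve() an absolute path with the fixed environment, and return
 * the child's exit status, or -1 on any failure. */
int run_fixed(const char *abs_path, char *const argv[])
{
    if (abs_path == NULL || abs_path[0] != '/')
        return -1;                      /* refuse anything needing a PATH lookup */

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(abs_path, argv, clean_env);
        _exit(127);                     /* only reached if execve() failed */
    }

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* whoami reports the effective UID; in a set-user-ID binary the two
     * values printed here differ when another user runs it. */
    printf("real uid=%ld effective uid=%ld\n",
           (long)getuid(), (long)geteuid());
    fflush(stdout);                     /* avoid duplicated output after fork() */

    /* Assumed helper path; a binary, not a script, so no shell is involved. */
    char *const argv[] = { "id", NULL };
    return run_fixed("/usr/bin/id", argv) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```
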

 
 
 

1. Very Simple Setuid Question

Please Help!
I am trying to write a setuid script that will let me chown a file (a
p.file in SCCS, for anyone interested). I know this must be easy, but
no matter what I try I cannot get this thing to work.
Here it is:

#!/bin/csh -b
ls -l $file
chown dw096261 $file
ls -l $file
exit

Currently the file's perms look like this:
-rwsr-sr-x    1 root     other        108 Jun  4 13:06 chfile

What am I doing wrong?!?!

Thanks in advance
Dennis Worsham
