LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] setuid root in programs.

[ILUG] setuid root in programs.

Caolan McNamara cmc at stardivision.de
Thu Jun 1 10:39:44 IST 2000 

On 01.06.00, 11:02:39, "Al O'Connor" <oconnoat at tcd.ie> wrote regarding 
[ILUG] setuid root in programs.:

> Hi,
>  I was reading that some programs setuid themselves to root to do things 
(I
> think mount -all can be made to do it?). What are the restrictions of 
this?
> How are malicious (or stupid) programs prevented from root-ing themselves
> and causing Bad Things to happen?

Restrictions are that only a program that has the setuid bit set in its 
file permissions can do things as root when run by an ordinary user. An 
arbitrary program cannot just ask to do things as root and have that 
succeed. The root user must manually set this bit with chmod, of course 
some programs are installed setuid in the original setup install.

ls -l some_random_setuid_program
-rwsr-xr-x   1 username     groupname	some_random_setuid_program
   -
   |
magic bit.

Once the program is able to run as root there are no restrictions, true 
enough badly written programs which are setuid are a constant problem, 
but mostly through not being robust enough to defend against being 
deliberately fed bad data in an attempt to overwrite buffers and/or cause 
a crash so as to get access to otherwise hidden data or more desirably to 
get the program to run other programs that it shouldn't, ideally a nice 
full shell. Big complex programs are fertile ground for this sort of 
stuff, xterm used to have a stack of bugs as it could be setuid root so 
that it would log each instance into utmp as a user but could be happily 
messed with to give a nice root shell. Theres only a handful of programs 
that need it, X for instance.

[1] http://seclab.cs.ucdavis.edu/~bishop/secprog.html
[2] man chmod
[3] man setuid (c api)

Theres a lot of work going into capabilites etc which would allow a 
program to be given the capability of "fiddling with utmp" which would 
restrict it from doing anything other that that, X servers and games 
which can only access the graphics hardware rather than everything and so 
forth, but for the moment its all or nothing.

C.

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell