On 01.06.00, 11:02:39, "Al O'Connor" <oconnoat at tcd.ie> wrote regarding
[ILUG] setuid root in programs.:
> I was reading that some programs setuid themselves to root to do things
> think mount -all can be made to do it?). What are the restrictions of
> How are malicious (or stupid) programs prevented from root-ing themselves
> and causing Bad Things to happen?
Restrictions are that only a program that has the setuid bit set in its
file permissions can do things as root when run by an ordinary user. An
arbitrary program cannot just ask to do things as root and have that
succeed. The root user must manually set this bit with chmod, of course
some programs are installed setuid in the original setup install.
ls -l some_random_setuid_program
-rwsr-xr-x 1 username groupname some_random_setuid_program
Once the program is able to run as root there are no restrictions, true
enough badly written programs which are setuid are a constant problem,
but mostly through not being robust enough to defend against being
deliberately fed bad data in an attempt to overwrite buffers and/or cause
a crash so as to get access to otherwise hidden data or more desirably to
get the program to run other programs that it shouldn't, ideally a nice
full shell. Big complex programs are fertile ground for this sort of
stuff, xterm used to have a stack of bugs as it could be setuid root so
that it would log each instance into utmp as a user but could be happily
messed with to give a nice root shell. Theres only a handful of programs
that need it, X for instance.
 man chmod
 man setuid (c api)
Theres a lot of work going into capabilites etc which would allow a
program to be given the capability of "fiddling with utmp" which would
restrict it from doing anything other that that, X servers and games
which can only access the graphics hardware rather than everything and so
forth, but for the moment its all or nothing.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!