When SUID is Ignored?
Whilst I am aware of the issues of using SUID/SGID scripts, what I was unaware of was that the Linux kernel is a little more strict on the permissions when it comes to execution.
So let me give you an example:
    #!/bin/sh
    id
A simple script that will display the id (and therefore prove the point of this little example!). So if we change the permissions to add the SUID and change ownership to root we should, if we trust permissions, be able to execute the script as root.
    $ su ...
    # chown root:root test.sh
    # chmod 4555 test.sh
    # ls -l test.sh
    -r-sr-xr-x 1 root root 13 Nov 1 21:48 test.sh
    # exit
    $ ./test.sh
    uid=1000(znx) gid=100(users) groups=10(wheel),100(users)
So even with the permissions set, the kernel (correctly) ignores them. The only way to get around this is to give the permission to the binary that is interpreting the code. Of course, in the case of shell scripts, giving SUID to sh/bash is not clever!
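For auditing, the check below lists every file under a directory that carries a set-id bit but starts with "#!", and reports when the interpreter it names is itself set-id. It is an added example, not part of the original post; the function names shebang_interp and audit_setid_scripts are my own.

```shell
#!/bin/sh
# Added example: report set-id files that are really interpreter scripts.
# Output: path <TAB> interpreter <TAB> note, one line per finding.
# Assumes file names contain no newlines.

# Print the interpreter path named on a file's "#!" line.
# Returns non-zero if the file does not start with "#!".
shebang_interp() {
    # Check the two magic bytes first so binaries are never read as text.
    [ "$(head -c 2 "$1" 2>/dev/null)" = '#!' ] || return 1
    # Drop "#!", optional blanks, and any interpreter argument.
    head -n 1 "$1" | sed -e 's/^#![[:space:]]*//' -e 's/[[:space:]].*$//'
}

# Walk a directory tree and report every setuid/setgid script in it.
audit_setid_scripts() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        # Skip set-id files that are not scripts (ordinary binaries).
        interp=$(shebang_interp "$f") || continue
        note="set-id bit on the script has no effect at execution"
        # A set-id interpreter gives every script it runs those privileges.
        if [ -u "$interp" ] || [ -g "$interp" ]; then
            note="interpreter itself is set-id"
        fi
        printf '%s\t%s\t%s\n' "$f" "$interp" "$note"
    done
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_setid_scripts "$1"
fi
```

Any line it prints is worth cleaning up: either the bit is dead weight that misleads whoever reads the permissions, or the interpreter is handing out privileges to everything it runs.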
This protection pervades all scripts, which I find rather good. Nice to see a proactive step to stop silly users like me! Of course, if you are then completely pigheaded you would find this:
# sysctl -w kern.sugid_scripts=1
And then, yay SUID scripts are allowed! Let the abuse begin.
Speaking of protection, one of my fellow ops on #linux-noob wrote a simple piece to work around a flash music player's hidden playlist, enjoy!
