Ever wondered what suid means for a file in UNIX/Linux?
Well, suid is the patented idea of Dennis Ritchie (the inventor of the C programming language).
Let's keep things simple: an executable file has an owner and a group owner like any other file or resource. When it comes to executing the file, not only the owner can run it; "others" can execute it too, provided the owner has given them execute permission on it.
In the first scenario, when the owner himself runs the program (file), the resultant process has two owners - real and effective. So, if the uid of the person happens to be 567, the real and effective user ids of the process will be 567 each.
In the second scenario, when another user runs the program (the program file has to have the execute permission set for others) and the uid of this person is 590, the resultant process has a real user id of 590 and an effective user id of 590.
Whenever this running process tries to access another resource, such as opening a file on the disk file system, the permissions for that access are checked against the effective user id of the process.
So now we know that whenever we run an ordinary executable (one without the suid bit), the process's real and effective user ids are both the id of the user who is running the program.
When the executable has the suid bit set on it, the real user id of the process is still that of the person who runs it, but the effective user id is that of the owner of the program file. The program can therefore use resources with the authorization of the effective uid's user, as discussed above, and can perform tasks that would not be possible using the id of the person who ran it.
To understand this, let's take an example:
The passwd command is an executable file owned by root. When run, it makes changes to the file /etc/shadow, which is not even readable by ordinary users by other means. Yet when any user runs the passwd command, they are able to change their own password.
Here is how this works - the passwd command file is owned by root but has the suid bit set on it. When any user other than root runs the program, the process thus created has the real user id of the person who ran it (let's take 567 as an example), but its effective user id is that of the owner of the passwd command file, which is root's id, 0 (zero). So whenever any user changes his password by running the passwd command, the process created has the effective user id of root and is thus able to make changes in the /etc/shadow file.
This makes programs that are owned by root and have the suid bit set a potential threat to the UNIX system: they run with root privileges and can create havoc once overwritten by malicious code. So one must make sure that such binary files are not left writable by mistake.
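The real/effective uid distinction and the "not left writable" check described above, as an added example in C (not code from the original post); `suid_flags` and `audit_path` are hypothetical helper names chosen for this illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define F_SUID     0x1  /* setuid bit is set on a regular file */
#define F_ROOT     0x2  /* file is owned by uid 0 (root) */
#define F_WRITABLE 0x4  /* file is writable by group or others */

/* Classify a mode/owner pair (hypothetical helper, kept pure so it is testable). */
int suid_flags(mode_t mode, uid_t owner)
{
    int flags = F_SUID;
    if (!S_ISREG(mode) || !(mode & S_ISUID))
        return 0;                       /* not a setuid regular file */
    if (owner == 0)
        flags |= F_ROOT;                /* process would get effective uid 0 */
    if (mode & (S_IWGRP | S_IWOTH))
        flags |= F_WRITABLE;            /* someone besides the owner can modify it */
    return flags;
}

/* stat() a path and classify it; returns -1 if the file cannot be examined. */
int audit_path(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return suid_flags(st.st_mode, st.st_uid);
}

int main(int argc, char **argv)
{
    /* The two ids differ only when this binary itself is setuid. */
    printf("real uid=%ld effective uid=%ld\n", (long)getuid(), (long)geteuid());
    for (int i = 1; i < argc; i++) {
        int f = audit_path(argv[i]);
        if (f < 0) { perror(argv[i]); continue; }
        printf("%s:%s%s%s\n", argv[i],
               (f & F_SUID) ? " setuid" : " not-setuid",
               (f & F_ROOT) ? " root-owned" : "",
               (f & F_WRITABLE) ? " GROUP/OTHER-WRITABLE" : "");
    }
    return 0;
}
```

Run it with the paths to check as arguments; any line showing both `root-owned` and `GROUP/OTHER-WRITABLE` is a file whose permissions should be tightened.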
===========================================
Command to add the suid bit on an executable:
$ chmod u+s file_name
The sgid bit works on the same principles, except that it deals with real/effective group ids.