• zoe @infosec.pubOP
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      2
      ·
      1 year ago

      i am just reposting. wait till someone knowledgeable that could chip in on the subject

      • caseyweederman
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Hm. Looks like it lets users temporarily assume privileges of the user or group that owns an executable.
        A common example I’m seeing is passwd, which has a permission set of -rwsr-xr-x root root.
        The position of the s means that “suid” is set, which means that if I run it as user casey, it actually gets run as root. I guess? Or it gets run as me but with root privileges? I wonder who the process owner is. I’m gonna experiment.
        I made a root-owned a+x u+s script that ran ps aux | grep $$ and ran it as my regular user and it said my regular user is the process owner and I have to say, I did not learn anything from that.
        Maybe if I make it touch a root-owned a-w file, then if that file’s last-modified date changes even though I ran it as my regular user…?
        Permission denied. Nope, it turns out I still don’t understand suid.

        • LynneOfFlowers@midwest.social
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          I ran into just this problem literally yesterday 😅. It turns out that many Linux distros (not sure which ones exactly but I’m on fedora and it does this) will ignore the suid bit on shell scripts because apparently they’re too easy to exploit for privilege escalation. Sure enough I tried it again with a c program instead of a shell script and the suid bit worked; I was able to write to a file I didn’t have permission for normally. I’m not totally sure exactly which kinds of executables are allowed and which aren’t; it might be binaries only.

          • caseyweederman
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            1 year ago

            Huh!
            Thanks, that would have had me confused for a good while.
            Same behavior on Debian.