Re: setuid

Fri, 10 Dec 1999 14:22:10 -0800 

On Fri, 10 Dec 1999, Steve Lee wrote:

> is that the s when you do chmod +x 

you mean when you do +s? yes.  

chmod 4000 filename  will add the setuid bit
chmod +s filename will do the same.

Brian


> 
> On Fri, 10 Dec 1999, Brian wrote:
> 
> > On Fri, 10 Dec 1999, Steve Lee wrote:
> > 
> > > 
> > > what does it mean to run something setuid
> > 
> > It means that when you run the program, the program changes to the uid of
> > the owner of the program.  So if you have a program and its owned by root,
> > and you make it setuid root and executable  (chmod 4755), then anyone who
> > runs that program, will be doing the operations of that program as if they
> > were in fact root.
> > 
> > Take "passwd" for example:
> > 
> > -r-s--x--x   1 root     root        22312 Sep 25 10:52 /usr/bin/passwd
> > 
> > You know, that as user joeblow, you do not have write permission to
> > /etc/passwd or /etc/shadow.  Yet you can run the "passwd" program, and
> > change your passwd (which writes to /etc/passwd and /etc/shadow).  How is
> > this possible?  Because the program is "setuid root", meaning when it
> > runs, it runs as if it were root.  So that even though you cannot write
> > /etc/passwd, the /usr/bin/passwd program CAN since it runs as if it were
> > root.
> > 
> > setuid programs can open a whole slew of security problems.  Race
> > conditions, incomplete path names, poor enviroment, etc, are just the tip
> > of the iceburg.  Lots of caution to anyone who decides to setuid a
> > program.
> > 
> > Brian
> > 
> > 
> > > 
> > > 
> > > -- 
> > > To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> > > as the Subject.
> > > 
> > 
> > -----------------------------------------------------
> > Brian Feeny (BF304)     [EMAIL PROTECTED]   
> > 318-222-2638 x 109  http://www.shreve.net/~signal      
> > Network Administrator   ShreveNet Inc. (ASN 11881)        
> > 
> > 
> > -- 
> > To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> > as the Subject.
> > 
> 
> 
> -- 
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
> 

-----------------------------------------------------
Brian Feeny (BF304)     [EMAIL PROTECTED]   
318-222-2638 x 109      http://www.shreve.net/~signal      
Network Administrator   ShreveNet Inc. (ASN 11881)            


-- 
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.

Reply via email to