Setuid

Setuid

setuid and setgid (short for set user ID upon execution and set group ID upon execution, respectively) are Unix access rights flags that allow users to run an executable with the permissions of the executable's owner or group. They are often used to allow users on a computer system to run programs with temporarily elevated privileges in order to perform a specific task. While the assumed user id or group id privileges provided are not always elevated, at a minimum they are specific.

setuid and setgid are needed for tasks that require higher privileges than those which a common user has, such as changing his or her login password. Some of the tasks that require elevated privileges may not immediately be obvious, though — such as the ping command, which must send and listen for control packets on a network interface.

etuid on executables

When a "binary" executable file has been given the setuid attribute, normal users on the system can execute this file and gain the privileges of the user who owns the file (commonly root) within the created process. When root privileges have been gained within the process, the application can then perform tasks on the system that regular users normally would be restricted from doing. The invoking user will be prohibited by the system from altering the new process in any way, such as by using ptrace, LD_LIBRARY_PATH or sending signals to it (signals from the terminal will still be accepted, however). Due to the increased likelihood of security flaws, many operating systems ignore the setuid attribute when applied to executable "shell scripts".

While the setuid feature is very useful in many cases, it can pose a security risk if the setuid attribute is assigned to executable programs that are not carefully designed. Users can exploit vulnerabilities in flawed programs to gain permanent elevated privileges, or unintentionally execute a trojan horse program.

The setgid attribute will allow for changing the group based privileges within a process, like the setuid flag does for user based privileges.

The presence of setuid executables justifies the fact that the chroot system call is not available to non-root users on Unix.

The setuid and setgid bits are normally set with the command chmod by setting the high-order octal to 4 or 2 (or 6 to set both). `chmod 6711` will set the setuid and setgid bit (6) make the file read/write/executable for the owner (7) and executable by the group and others (11). All chmod flags are octal, and the least significant bit of the high-order octal is used for a special mode known as the sticky bit.

Most implementations of the chmod command also support symbolic arguments to set these bits. This is shown in the demonstration below as the `chmod ug+s` command.

The demonstration C program below simply obtains and reveals the real and effective user and group id currently assigned to the process. The commands shown first compile the process as user `bob` and subsequently use `chmod` to establish the setuid and setgid bits. The `su` command, itself a client of the setuid feature, is then used to assume the id of `alice`. The effectiveness of the `chmod` command is checked with `ls -l`, and finally the demonstration program is run, revealing the expected identity change, consistent with the /etc/passwd file.

Note that the demonstration program listed below will silently fail to change the effective UID if run on a volume mounted with the `nosuid` option.

Demonstration

[bob@foo] $ cat /etc/passwdalice:x:1007:1007::/home/alice:/bin/bashbob:x:1008:1008::/home/bob:/bin/bash

[bob@foo] $ cat printid.c

#include
#include
#include
#include

int main(void){ printf("Real UID = %d ", getuid()); printf("Effective UID = %d ", geteuid()); printf("Real GID = %d ", getgid()); printf("Effective GID = %d ", getegid());

return EXIT_SUCCESS;}

[bob@foo] $ gcc -Wall printid.c -o printid [bob@foo] $ chmod ug+s printid [bob@foo] $ su alice Password: [alice@foo] $ ls -l-rwsr-sr-x 1 bob bob 6944 2007-11-06 10:22 printid [alice@foo] $ ./printid Real UID = 1007Effective UID = 1008Real GID = 1007Effective GID = 1008 [alice@foo] $

etgid on directories

The setuid and setgid flags, when set on a directory, have an entirely different meaning.

Setting the setgid permission on a directory (chmod g+s) causes new files and subdirectories created within it to inherit its groupID, rather than the primary groupID of the user who created the file (the ownerID is never affected, only the groupID). Newly created subdirectories inherit the setgid bit. Note that setting the setgid permission on a directory only affects the groupID of new files and subdirectories created after the setgid bit is set, and is not applied to existing entities. Setting the setgid bit on existing subdirectories must be done manually, with a command such as the following:

find /path/to/directory -type d -print0 | xargs -0 chmod g+sor [root@foo] # find /path/to/directory -type d -exec chmod g+s {} ;

The setuid flag has no effect on the permission bits (drwxr-sr-x) of any directory or file. It affects only the numerical groupID (commonly represented as a group name).

The setuid permission set on a directory is ignored on UNIX and GNU/Linux systems [cite web|last=Bauer|first=Mick|year=2004|url=http://www.linuxjournal.com/article/7727|title=Paranoid Penguin - Linux Filesystem Security, Part II|publisher=linuxjournal.com] . FreeBSD can be configured to interpret it similarly to setgid, namely, to force all files and sub-directories to be owned by the top directory owner. [cite web|url=http://www.freebsd.org/cgi/man.cgi?query=chmod&apropos=0&sektion=0&manpath=FreeBSD+6.1-RELEASE&format=html|title=chmod manpage on www.freebsd.org]

History

The setuid bit was invented by Dennis Ritchie. His employer, AT&T, applied for a patent in 1972; the patent was granted in 1979 as patent number 4,135,240 "Protection of data file contents". The patent was later placed in the public domain. [cite web| url=http://www.textfiles.com/law/softpat.txt|title=Summary of key software patents]

See also

* Confused deputy problem
* sudo
* Unix security
* chmod
* User identifier (Unix)
* Group identifier (Unix)
* File system permissions
* Privilege revocation
* Privilege separation
* Environment variable

References

External links

* Hao Chen, David Wagner, Drew Dean: [http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf Setuid Demystified] (pdf)
* Wayne Pollock: [http://wpollock.com/AUnix1/FilePermissions.htm Unix File and Directory Permissions and Modes]


Wikimedia Foundation. 2010.

Игры ⚽ Поможем решить контрольную работу

Look at other dictionaries:

  • Setuid — (parfois suid) est un terme UNIX, abréviation de « Set User ID ». Sommaire 1 Setuid et Setgid pour les exécutables 2 Setgid pour les répertoires 3 Voir aussi …   Wikipédia en Français

  • Setuid — (Set User ID, manchmal auch suid) ist ein erweitertes Unix Dateirecht für Dateien oder Verzeichnisse des Unix Betriebssystems. Ausführbare Programme, bei denen dieses Bit gesetzt ist, werden mit den Rechten des Benutzers ausgeführt dem die Datei… …   Deutsch Wikipedia

  • SetUID — (Set User ID, manchmal auch suid) ist ein erweitertes Unix Dateirecht für Dateien oder Verzeichnisse des Unix Betriebssystems. Ausführbare Programme, bei denen dieses Bit gesetzt ist, werden mit den Rechten des Benutzers ausgeführt dem die Datei… …   Deutsch Wikipedia

  • Setuid — Este artículo o sección necesita referencias que aparezcan en una publicación acreditada, como revistas especializadas, monografías, prensa diaria o páginas de Internet fidedignas. Puedes añadirlas así o avisar …   Wikipedia Español

  • SetUID-Bit — Setuid (Set User ID, manchmal auch suid) ist ein erweitertes Unix Dateirecht für Dateien oder Verzeichnisse des Unix Betriebssystems. Ausführbare Programme, bei denen dieses Bit gesetzt ist, werden mit den Rechten des Benutzers ausgeführt dem die …   Deutsch Wikipedia

  • Suid — setuid и setgid (сокращение от set user ID upon execution (установка ID пользователя во время выполнения) и set group ID upon execution (установка ID группы во время выполнения), соответственно) являются Unix флагами прав доступа, которые… …   Википедия

  • Suid — Setuid Setuid (parfois suid) est un terme UNIX, abréviation de « Set User ID ». Il s agit d une propriété qui est appliquée aux fichiers et répertoires d un système d exploitation UNIX. Grâce à cette propriété, un processus exécutant un …   Wikipédia en Français

  • SUID — Setuid (Set User ID, manchmal auch suid) ist ein erweitertes Unix Dateirecht für Dateien oder Verzeichnisse des Unix Betriebssystems. Ausführbare Programme, bei denen dieses Bit gesetzt ist, werden mit den Rechten des Benutzers ausgeführt dem die …   Deutsch Wikipedia

  • File system permissions — Most modern file systems have methods of administering permissions or access rights to specific users and groups of users. These systems control the ability of the users affected to view or make changes to the contents of the file… …   Wikipedia

  • Set-gid-bit — Setgid (Set Group ID, manchmal auch SGID) ist ein (erweitertes) Unix Dateirecht für Dateien oder Verzeichnisse des Unix Betriebssystems. Ausführbare Programme bei denen dieses Bit gesetzt ist, werden beim angemeldeten Benutzer mit den Rechten der …   Deutsch Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”