the setid issue

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help

the setid issue

Postby thunderstorm on Sun Mar 24, 2013 4:36 am

hi all,

i am new to linux just trying out a few things , i came across setid and decided to try it

i created two files A and B with root .

inside file A i tried to access contents of file B .

-rws---r-x 1 root root 16 Mar 24 13:28 A
-rwx------ 1 root root 7 Mar 24 13:28 B

i ran the executable file(still as root user ) A and it was able to access B . after tat i logged into my ordinary user account and i executed A but it was not able to read the contents of file B . I thought that if i setuid on file A then i should be able to access file B's contents because it was created by user root....

Please help me understand
thunderstorm
Level 1
Level 1
 
Posts: 9
Joined: Sun Mar 24, 2013 4:28 am

Linux Mint is funded by ads and donations.
 

Re: the setid issue

Postby viking777 on Sun Mar 24, 2013 7:30 am

setuid is not meant for files it is meant for programs (you can use it on directories as well but I don't recommend it). So if you want to access a root file with a text editor for example you put the suid bit on the editors permissions, not the files.

If you really are new to Linux you should put this idea away for now and maybe come back to it in a few years time, it can be very dangerous:

Programs that use this bit must be carefully designed and implemented to be immune to security vulnerabilities including buffer overruns and path injection. Successful buffer overrun attacks on vulnerable applications allow the attacker to execute arbitrary code under the rights of the process being exploited. In the event a vulnerable process uses the setuid bit to run as root, the code will be executed with root privileges, in effect giving the attacker root access to the system on which the vulnerable process is running.
Fujitsu Lifebook AH532. Intel i5 processor, 6Gb ram, Intel HD3000 graphics, Intel Audio/wifi. Realtek RTL8111/8168B Ethernet.Lubuntu 13.10,Ubuntu12.10 (Unity), Mint16 (Cinnamon), Manjaro (Xfce).
Image
User avatar
viking777
Level 14
Level 14
 
Posts: 5153
Joined: Mon Dec 01, 2008 11:21 am

Re: the setid issue

Postby thunderstorm on Sun Mar 24, 2013 8:40 am

thanks a lot , i have a few linux books , they are either advanced or too basic(like the commands) , where can i find something moderate to get started , it would be of great help for me , i just got linux installed for the first time in my computer (i have been using linux for sometime but just the basic commands and stuff) and i would like to get used to this
thunderstorm
Level 1
Level 1
 
Posts: 9
Joined: Sun Mar 24, 2013 4:28 am

Re: the setid issue

Postby viking777 on Sun Mar 24, 2013 10:14 am

Documentation on Linux is not that good really. Man pages can be useful if you can understand them - they seem to be written in a language known only to their writers as far as I can tell.

The rute guide might be of some interest to you: http://rute.2038bug.com/index.html.gz but really it is just a case of picking it up as you go along. Even Linux magazines are 90% crap.

The world definitely needs a Linux magazine written for users and not sysadmins. Linux is big enough to cope with that now, but the powers that be in the press world don't believe it, so won't do it. The first person that actually does do it will get a very pleasant surprise in my opinion and the others will all be out of a job.
Fujitsu Lifebook AH532. Intel i5 processor, 6Gb ram, Intel HD3000 graphics, Intel Audio/wifi. Realtek RTL8111/8168B Ethernet.Lubuntu 13.10,Ubuntu12.10 (Unity), Mint16 (Cinnamon), Manjaro (Xfce).
Image
User avatar
viking777
Level 14
Level 14
 
Posts: 5153
Joined: Mon Dec 01, 2008 11:21 am

Re: the setid issue

Postby thunderstorm on Sun Mar 24, 2013 11:34 am

:) thanks a lot !!
thunderstorm
Level 1
Level 1
 
Posts: 9
Joined: Sun Mar 24, 2013 4:28 am


Return to Newbie Questions

Who is online

Users browsing this forum: Bing [Bot] and 40 guests