the setid issue

Quick to answer questions about finding your way around Linux Mint as a new user.
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Locked
thunderstorm

the setid issue

Post by thunderstorm »

hi all,

i am new to linux just trying out a few things , i came across setid and decided to try it

i created two files A and B with root .

inside file A i tried to access contents of file B .

-rws---r-x 1 root root 16 Mar 24 13:28 A
-rwx------ 1 root root 7 Mar 24 13:28 B

i ran the executable file(still as root user ) A and it was able to access B . after tat i logged into my ordinary user account and i executed A but it was not able to read the contents of file B . I thought that if i setuid on file A then i should be able to access file B's contents because it was created by user root....

Please help me understand
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
viking777

Re: the setid issue

Post by viking777 »

setuid is not meant for files it is meant for programs (you can use it on directories as well but I don't recommend it). So if you want to access a root file with a text editor for example you put the suid bit on the editors permissions, not the files.

If you really are new to Linux you should put this idea away for now and maybe come back to it in a few years time, it can be very dangerous:
Programs that use this bit must be carefully designed and implemented to be immune to security vulnerabilities including buffer overruns and path injection. Successful buffer overrun attacks on vulnerable applications allow the attacker to execute arbitrary code under the rights of the process being exploited. In the event a vulnerable process uses the setuid bit to run as root, the code will be executed with root privileges, in effect giving the attacker root access to the system on which the vulnerable process is running.
thunderstorm

Re: the setid issue

Post by thunderstorm »

thanks a lot , i have a few linux books , they are either advanced or too basic(like the commands) , where can i find something moderate to get started , it would be of great help for me , i just got linux installed for the first time in my computer (i have been using linux for sometime but just the basic commands and stuff) and i would like to get used to this
viking777

Re: the setid issue

Post by viking777 »

Documentation on Linux is not that good really. Man pages can be useful if you can understand them - they seem to be written in a language known only to their writers as far as I can tell.

The rute guide might be of some interest to you: http://rute.2038bug.com/index.html.gz but really it is just a case of picking it up as you go along. Even Linux magazines are 90% crap.

The world definitely needs a Linux magazine written for users and not sysadmins. Linux is big enough to cope with that now, but the powers that be in the press world don't believe it, so won't do it. The first person that actually does do it will get a very pleasant surprise in my opinion and the others will all be out of a job.
thunderstorm

Re: the setid issue

Post by thunderstorm »

:) thanks a lot !!
Locked

Return to “Beginner Questions”