Create a program illustrating SUID

Shell Programming and Scripting
1

To understand SUID feature, I set SUID bit for a SHELL script.
Then I executed the program by a different user.

In order to understand how it works, I tried different ways like:

1) I didn't give execute permission for the other user (not an owner) and then he tried to execute it.

2) I made the script coded in a way so that when the owner runs, it behaves differently than when other user runs. This I did by including $LOGNAME in the script.

I also tried a few other ways to understand SUID but all these couldn't make me get how SUID works.

Please give me a SHELL script or whatever required so that I get how SUID can be used in real time.

2

The whole point of set-UID code (a.out format executables, executable shell scripts or, on most systems a script to be run by the interpreter named by a #! line at the start of a file) is that it runs with the permissions needed to access (read, write, or execute) anything that someone who had logged in as the owner of that file could access.

So, if you have personal files that are mode 700 (readable, writeable, and executable only by you) and you let someone run code that you own with the set-UID bit set, the user running that code can read, write, and execute those personal files if that code accepts names of files from the user causing the code to access those files.

For example, let's assume you have a file /Users/login/private containing:

login's password: xxx
login's bank and account number: xxx

set up such that ls -l for that file produces:

-rw-------  1 login  staff  59 Mar 30 21:42 /Users/login/private

And, assume you have a shell script /Users/login/bin/pp that contains:

#!/bin/ksh
cat /Users/login/private

that is readable and executable by anyone:

-rwxr-xr-x  1 login  staff  36 Mar 30 21:46 /Users/login/pp

Then when the user named login runs this script, (s)he will see the contents of the file private displayed on the screen. But, if anyone else runs this script, they will see something like:

cat: /Users/login/private: Permission denied

But, if you make this script set-UID:

-rwsr-xr-x  1 login  staff  36 Mar 30 21:46 /Users/login/pp

then when any user runs this script they will see the contents of the file.

Setting up a secure set-UID shell script is not something you should do unless you fully understand all of the ways that the script could be spoofed into performing undesired things to your personal data. If you look at the EXAMPLES section of the POSIX command utility in the Man Pages section of this forum, you can get an overview of some of the issues that need to be considered when writing set-UID shell scripts.

3

Don, I tried the way you told me earlier while practising SUID. Now, also, I did the same you wrote but still the other user can't read the private file.

Please have a look at the attachment which is self explanatory.

I logged in as "Bholua". She created filename "private.txt" with "700" permission.
She created bb.sh with "755" permission.

Then with su command , "chunmun" logged in the system. She ran bb.sh. She was able to execute the script but the same error message"permission denied" was shown when the private file had to be opened. That means "chunmun" couldn't get the power of the owner "Bholua".

Please see where the point is which we are missing.
Hoping to get a reply soon.

4

No. You missed two key points.

  1. The first line in bb.sh should be:
    text #!/bin/)bash
    (or #! followed by whatever the absolute path is on your system to bash if it is not /bin/bash).
  2. Run it by using the command:
    text ./bb.sh

When you run the script using the command:

bash bb.sh

you are running the commands in bb.sh as the current user (not making use of the set-UID feature) of the executable.

------------------
PS Note that you need to use chmod 4755 instead of 755 to set the set-UID bit, but it looked like you had already done that.

5

Don, earlier, I had checked by running like this also

./bb.sh

Now, also after reading your post I again ran like this but the same result.
My screenshot proves this.
Also, I had used my 1st line in bb.sh as

#! /bin/bash

(there is a space between #! and /bin/bash, I hope this shouldn't be a problem because your post doesn't reflect any space.)
But the same output. See my screenshot please.

And yes I was thinking how

#! /bin/bash

can be a problem as it's only an interpreter line to say which sub-shell I want to use for my script. In absence of that, obviously the same shell as of parent would have been used.

Also, Don although my screenshot shows that I changed the user using su command, but I tested running the script by logging off the owner "Bholua" and then logging back with the other user "chunmun".

So, where are we missing something???

6

Linux ignores SUID bit in scripts at all. You need a SUID binary program as a helper, e.g. sudo.

1 Like
7

MadeInGermany, can you please illustrate completely with an example so that it will be clear how to use. YOu can take the example already in the post. Now how to use in this example

8

suid is for binary executables, not shell scripts. This is for security reasons.

9

Please google for
sudo examples

---------- Post updated at 12:35 PM ---------- Previous update was at 12:25 PM ----------

Traditional Unix and its commercial derivates allow SUID scripts.

10

The standards allow implementations to ignore the set-UID bit on executables as long as they document the conditions when they do so. I wasn't aware that Linux always ignored the set-UID bit on shell scripts.

Many systems allow set-UID shell scripts.

Many systems will clear the set-UID bit on a file when it is opened for writing.

Some systems will clear the set-UID bit on a file whenever the contents of the file are changed.

11

Is his one of them? Many also don't.

12

Obviously, not.

Agreed. Before this thread started, I wasn't aware that disallowing set-UID execution of shell scripts was so common.

13 
Many systems will clear the set-UID bit on a file when it is opened for writing

Per POSIX:

write() system call

Upon successful completion, where nbyte is greater than 0, 
write() will mark for update the st_ctime and st_mtime fields of the file, 
and if the file is a regular file, the S_ISUID and S_ISGID bits of the file 
mode may be cleared.

I don't see where open() does that - FWIW.

14

You're correct in saying that POSIX conforming systems aren't allowed to do this. (Although the standard isn't entirely consistent on this point. The descriptions of ftruncate() and truncate() both say that the S_ISUID and S_ISGID bits may be cleared if they change the size of the file. It is strange that open() with the O_TRUNC flag set doesn't make the same allowance.)

You may have also noticed the RATIONALE in the Base Definitions volume's description of the <sys/stat.h> header:

I believe some non-conforming implementations still clear both of these bits on any successful open for writing, although I can't name any examples at this time.

15

On HPUX suid is not allowed in shell scripts.

As per request, if you are not using shell script for suid operation, passwd program is the best in representing such functionality and more important, how to implement security over it.

Hope that helps
Regards
Peasant.

16

You are right about HP-UX,
but can be allowed by the tunable "secure_sid_scripts"