Why /bin/su permission with SUID?

Dear all experts in this forum,
I have faced an audit issue, as the auditor told us that we should not have SUID on /bin/su. As I have checked using Google, I found that most of the sites only say that /bin/su should have the permission bits -rwsr-xr-x but never explain why /bin/su needs this permission setting.

Any expert out there can explain this to me why we need the SUID on /bin/su?
As the auditor asked to remove the SUID, what will be the result after that? And why is /bin/su without SUID more secure? Is that an industry standard for this?

Thanks.

The reason that the su command is SUID is that without this attribute, a non-superuser would not have the privilege to switch user at all; it would simply be running as the original account. The SUID means that for the execution of the code, you will be as the owner of the code, which must be root or another superuser account (i.e. User ID zero).

The code will then be powerful enough to do what it needs and within the code, it will verify that you are allowed to do what you are asking it to, i.e. it may prompt for the target user password.

Robin


There's no other way to say it, so I'll say it: your auditor is incompetent.

There are numerous setuid programs in any Unix or Unix-style OS. Many of them need to be setuid for them to operate properly. "su" is one. X windows servers tend to be another. "passwd" also needs to be setuid or users won't be able to set their own passwords. Don't tell me that audit report says to remove the setuid bit from "passwd"...

There are many others, too.

I'd be real careful following the recommendations of that audit report. You're likely to find yourself with non-working systems.


Permit me to be quite extremely blunt. Your auditor is an idiot. He has heard that "SUID is bad" and parroted it, but has no real understanding of it. Following his advice will ruin your machine.

su couldn't possibly work if it weren't SUID. It needs to access the shadow files, which are locked to root!

Now, if there are things which are set SUID but shouldn't be, that would be bad. Having cp set SUID would be a recipe for disaster for example.

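The useful audit here is not "strip SUID from su" but "find setuid files that should not be setuid, or that someone other than root can modify" (the cp example above). The following POSIX shell script is an added example, not code from this thread; its allowlist of expected setuid paths is a constructed illustration to be adjusted for the distribution in use.

```shell
#!/bin/sh
# Added example: audit setuid binaries instead of removing the bit blindly.
# Reports (1) setuid files not on an expected allowlist and (2) setuid files
# writable by group or others, which is the finding an auditor should raise.

# Constructed allowlist of paths expected to carry the setuid bit on this host.
# Adjust to your distribution; this is an illustration, not a standard.
SUID_ALLOWLIST="/bin/su
/usr/bin/su
/usr/bin/passwd
/usr/bin/sudo"

# list_suid DIR: every regular file under DIR with the setuid bit (04000) set.
list_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# in_allowlist PATH [ALLOWLIST]: succeed if PATH is an exact line of the allowlist.
in_allowlist() {
    printf '%s\n' "${2:-$SUID_ALLOWLIST}" | grep -Fqx -- "$1"
}

# unexpected_suid DIR [ALLOWLIST]: print setuid files under DIR that are not
# allowlisted. Returns 0 if nothing unexpected was found, 1 otherwise.
unexpected_suid() {
    _rc=0
    while IFS= read -r _f; do
        [ -n "$_f" ] || continue
        if ! in_allowlist "$_f" "${2:-$SUID_ALLOWLIST}"; then
            printf '%s\n' "$_f"
            _rc=1
        fi
    done <<EOF
$(list_suid "$1")
EOF
    return $_rc
}

# writable_suid DIR: setuid files that group (020) or others (002) can write.
# A setuid-root binary anyone can edit gives every local user root.
writable_suid() {
    find "$1" -xdev -type f -perm -4000 \( -perm -0020 -o -perm -0002 \) \
        2>/dev/null | sort
}

# Usage on a real host (needs read access to the whole tree, normally root):
#   unexpected_suid / ; writable_suid /
```

Anything printed by the second check is a genuine problem regardless of the allowlist; the first list only tells you what to review against your distribution's documented setuid set.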

Okay, I was just too polite. I am British, so what do you expect? I agree.

If they are asking you why, then they don't understand enough to do their job safely.

  • Tell them that the root account is never logged on to, and they'll probably tell you to remove it.
  • Tell them that you have RW filesystems, they will probably insist that they are remounted as RO.
  • Tell them that you use telnet to access the server and they will tell you to turn it off, even if you have no other access except the console.

Who would you let near the server that could cost you your job?

Regards,
Robin