SetUID is generally used to allow normal users to run programs as if they were administrators but without them having to become administrators.
The book highlights how the
ping command is often SetUID root. Let's
examine whether it's so on our virtual machines:
$ which ping /usr/bin/ping $ ls -l /usr/bin/ping -rwxr-xr-x. 1 root root 63224 Feb 7 2018 ping $ stat /usr/bin/ping
Compare that to:
$ which mount /usr/bin/mount $ ls -l /usr/bin/mount -rwsr-xr-x. 1 root root 50152 Jul 16 07:56 /usr/bin/mount $ stat /usr/bin/mount
stat command, we can see that the octal mode for the ownership of
the file. For:
findcommand to locate any files that have SetUID set to 4000.
$ sudo find / -perm -4000 -ls $ sudo find / -perm -4000 | xargs stat -c '%A %a %n'
Question: why is
/usr/bin/ping highlighted when using
getcap to see file capabilities. Read about
capabilites in its
$ man getcap $ getcap /usr/bin/ping /usr/bin/ping = cap_net_admin,cap_net_raw+p $ man 7 capabilities