User Tools

Site Tools


linux:setuid

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
linux:setuid [2019/01/21 11:22]
seanburns created
— (current)
Line 1: Line 1:
-<markdown> 
-# Local Security -- SetUID 
-# Date: Wed Oct 24 2018 
  
-SetUID is generally used to allow normal users to run programs as if they were 
-administrators but without them having to become administrators. 
- 
-The book highlights how the ``ping`` command is often SetUID root. Let's 
-examine whether it's so on our virtual machines: 
- 
-```bash 
-$ which ping 
-/usr/bin/ping 
-$ ls -l /usr/bin/ping 
--rwxr-xr-x. 1 root root 63224 Feb  7  2018 ping 
-$ stat /usr/bin/ping 
-``` 
- 
-Compare that to: 
- 
-```bash 
-$ which mount 
-/usr/bin/mount 
-$ ls -l /usr/bin/mount 
--rwsr-xr-x. 1 root root 50152 Jul 16 07:56 /usr/bin/mount 
-$ stat /usr/bin/mount 
-``` 
- 
-For the ``stat`` command, we can see that the octal mode for the ownership of 
-the file. For: 
- 
-- /usr/bin/ping:  0755 
-- /usr/bin/mount: 4755 
- 
-## Task 
- 
-- Use the ``find`` command to locate any files that have SetUID set to 4000. 
-- Note the owners of those files. 
-- Note the locations of those files. 
-- What's different about files with SetUID on and files with SetGID on? 
- 
- 
-```bash 
-$ sudo find / -perm -4000 -ls 
-$ sudo find / -perm -4000 | xargs stat -c '%A %a %n' 
-``` 
- 
-Question: why is ``/usr/bin/ping`` highlighted when using ``ls -l``? 
- 
-Use ``getcap`` to see file capabilities. Read about ``capabilites`` in its 
-manpage. 
- 
-```bash 
-$ man getcap 
-$ getcap /usr/bin/ping 
-/usr/bin/ping = cap_net_admin,cap_net_raw+p 
-$ man 7 capabilities 
-``` 
-</markdown> 
linux/setuid.1548087745.txt.gz ยท Last modified: 2019/01/21 11:22 by seanburns