linux:setuid [2019/01/21 11:22] seanburns created |
— (current) | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | < | ||
- | # Local Security -- SetUID | ||
- | # Date: Wed Oct 24 2018 | ||
- | SetUID is generally used to allow normal users to run programs as if they were | ||
- | administrators but without them having to become administrators. | ||
- | |||
- | The book highlights how the ``ping`` command is often SetUID root. Let's | ||
- | examine whether it's so on our virtual machines: | ||
- | |||
- | ```bash | ||
- | $ which ping | ||
- | / | ||
- | $ ls -l / | ||
- | -rwxr-xr-x. 1 root root 63224 Feb 7 2018 ping | ||
- | $ stat / | ||
- | ``` | ||
- | |||
- | Compare that to: | ||
- | |||
- | ```bash | ||
- | $ which mount | ||
- | / | ||
- | $ ls -l / | ||
- | -rwsr-xr-x. 1 root root 50152 Jul 16 07:56 / | ||
- | $ stat / | ||
- | ``` | ||
- | |||
- | For the ``stat`` command, we can see that the octal mode for the ownership of | ||
- | the file. For: | ||
- | |||
- | - / | ||
- | - / | ||
- | |||
- | ## Task | ||
- | |||
- | - Use the ``find`` command to locate any files that have SetUID set to 4000. | ||
- | - Note the owners of those files. | ||
- | - Note the locations of those files. | ||
- | - What's different about files with SetUID on and files with SetGID on? | ||
- | - | ||
- | |||
- | ```bash | ||
- | $ sudo find / -perm -4000 -ls | ||
- | $ sudo find / -perm -4000 | xargs stat -c '%A %a %n' | ||
- | ``` | ||
- | |||
- | Question: why is ``/ | ||
- | |||
- | Use ``getcap`` to see file capabilities. Read about ``capabilites`` in its | ||
- | manpage. | ||
- | |||
- | ```bash | ||
- | $ man getcap | ||
- | $ getcap / | ||
- | / | ||
- | $ man 7 capabilities | ||
- | ``` | ||
- | </ |
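Review bot: every line of the SetUID page is removed and the current side is empty, so the Task block (the `find / -perm -4000` exercise) and the `getcap` walkthrough disappear with no pointer to where they went. Leave a redirect or a one-line note naming the new location, or say in the edit summary that the exercise is retired. If the text is being moved rather than dropped, two things are worth fixing on the way: `find / -perm -4000 | xargs stat -c '%A %a %n'` splits on whitespace in file names, so `find / -perm -4000 -exec stat -c '%A %a %n' {} +` is the safer form, and the sentence beginning "For the ``stat`` command" together with the two list items after it, as shown here, never states the octal modes it sets out to compare.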