linux:setuid

# Differences

This shows you the differences between two versions of the page.

 — linux:setuid [2019/01/21 11:22] (current)seanburns created 2019/01/21 11:22 seanburns created 2019/01/21 11:22 seanburns created Line 1: Line 1: + <​markdown>​ + # Local Security -- SetUID + # Date: Wed Oct 24 2018 + SetUID is generally used to allow normal users to run programs as if they were + administrators but without them having to become administrators. + + The book highlights how the ping command is often SetUID root. Let's + examine whether it's so on our virtual machines: + + bash + $which ping + /​usr/​bin/​ping +$ ls -l /​usr/​bin/​ping + -rwxr-xr-x. 1 root root 63224 Feb  7  2018 ping + $stat /​usr/​bin/​ping +  + + Compare that to: + + bash +$ which mount + /​usr/​bin/​mount + $ls -l /​usr/​bin/​mount + -rwsr-xr-x. 1 root root 50152 Jul 16 07:56 /​usr/​bin/​mount +$ stat /​usr/​bin/​mount +  + + For the stat command, we can see that the octal mode for the ownership of + the file. For: + + - /​usr/​bin/​ping: ​ 0755 + - /​usr/​bin/​mount:​ 4755 + + ## Task + + - Use the find command to locate any files that have SetUID set to 4000. + - Note the owners of those files. + - Note the locations of those files. + - What's different about files with SetUID on and files with SetGID on? + - + + bash + $sudo find / -perm -4000 -ls +$ sudo find / -perm -4000 | xargs stat -c '%A %a %n' +  + + Question: why is /​usr/​bin/​ping highlighted when using ls -l? + + Use getcap to see file capabilities. Read about capabilites in its + manpage. + + bash + $man getcap +$ getcap /​usr/​bin/​ping + /​usr/​bin/​ping = cap_net_admin,​cap_net_raw+p + \$ man 7 capabilities +  +