User Tools

Site Tools


linux:setuid

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

linux:setuid [2019/01/21 11:22] (current)
seanburns created
Line 1: Line 1:
 +<markdown>
 +# Local Security -- SetUID
 +# Date: Wed Oct 24 2018
  
 +SetUID is generally used to allow normal users to run programs as if they were
 +administrators but without them having to become administrators.
 +
 +The book highlights how the ``ping`` command is often SetUID root. Let's
 +examine whether it's so on our virtual machines:
 +
 +```bash
 +$ which ping
 +/usr/bin/ping
 +$ ls -l /usr/bin/ping
 +-rwxr-xr-x. 1 root root 63224 Feb  7  2018 ping
 +$ stat /usr/bin/ping
 +```
 +
 +Compare that to:
 +
 +```bash
 +$ which mount
 +/usr/bin/mount
 +$ ls -l /usr/bin/mount
 +-rwsr-xr-x. 1 root root 50152 Jul 16 07:56 /usr/bin/mount
 +$ stat /usr/bin/mount
 +```
 +
 +For the ``stat`` command, we can see that the octal mode for the ownership of
 +the file. For:
 +
 +- /usr/bin/ping:  0755
 +- /usr/bin/mount: 4755
 +
 +## Task
 +
 +- Use the ``find`` command to locate any files that have SetUID set to 4000.
 +- Note the owners of those files.
 +- Note the locations of those files.
 +- What's different about files with SetUID on and files with SetGID on?
 +
 +
 +```bash
 +$ sudo find / -perm -4000 -ls
 +$ sudo find / -perm -4000 | xargs stat -c '%A %a %n'
 +```
 +
 +Question: why is ``/usr/bin/ping`` highlighted when using ``ls -l``?
 +
 +Use ``getcap`` to see file capabilities. Read about ``capabilites`` in its
 +manpage.
 +
 +```bash
 +$ man getcap
 +$ getcap /usr/bin/ping
 +/usr/bin/ping = cap_net_admin,cap_net_raw+p
 +$ man 7 capabilities
 +```
 +</markdown>
linux/setuid.txt ยท Last modified: 2019/01/21 11:22 by seanburns