Differences

This shows you the differences between two versions of the page.

@@ Line 1: / Line 1: @@
+<markdown>
+# Local Security -- SetUID
+# Date: Wed Oct 24 2018
+SetUID is generally used to allow normal users to run programs as if they were
+administrators but without them having to become administrators.
+The book highlights how the ``ping`` command is often SetUID root. Let's
+examine whether it's so on our virtual machines:
+```bash
+$ which ping
+/usr/bin/ping
+$ ls -l /usr/bin/ping
+-rwxr-xr-x. 1 root root 63224 Feb  7  2018 ping
+$ stat /usr/bin/ping
+```
+Compare that to:
+```bash
+$ which mount
+/usr/bin/mount
+$ ls -l /usr/bin/mount
+-rwsr-xr-x. 1 root root 50152 Jul 16 07:56 /usr/bin/mount
+$ stat /usr/bin/mount
+```
+For the ``stat`` command, we can see that the octal mode for the ownership of
+the file. For:
+- /usr/bin/ping:  0755
+- /usr/bin/mount: 4755
+## Task
+- Use the ``find`` command to locate any files that have SetUID set to 4000.
+- Note the owners of those files.
+- Note the locations of those files.
+- What's different about files with SetUID on and files with SetGID on?
+-
+```bash
+$ sudo find / -perm -4000 -ls
+$ sudo find / -perm -4000 | xargs stat -c '%A %a %n'
+```
+Question: why is ``/usr/bin/ping`` highlighted when using ``ls -l``?
+Use ``getcap`` to see file capabilities. Read about ``capabilites`` in its
+manpage.
+```bash
+$ man getcap
+$ getcap /usr/bin/ping
+/usr/bin/ping = cap_net_admin,cap_net_raw+p
+$ man 7 capabilities
+```
+</markdown>

C. Sean Burns: Notebook