[clue-tech] Using SUID to downgrade root's access
David Anselmi
anselmi at anselmi.us
Mon May 23 22:00:43 MDT 2005
Angelo Bertolli wrote:
> I've been trying to set the SUID bit to make an executable (in this case
> a shell script) run as a certain user. In particular this is something
> I'd like to be run as "nobody." So I used `chown nobody` and `chmod u+s`
This:
http://scrye.com/~kevin/lsh/april-99/Security-HOWTO-5.html
says (just before section 5.3) that the kernel ignores SUID on shell
scripts. That's what I've always heard so probably you can't do it.
You can almost certainly compile a kernel that will allow SUID scripts
but it probably isn't worth the effort for the security hole you get as
a result.
Of course you can easily translate your script into C with system() and
then Linux will happily run it SUID. That isn't any more secure (and
I've seen professionals write local root vulnerabilities just that way).
I know, in your case you're trying to reduce priviledge so it's annoying
that Linux gets in your way.
The right way to do this is put your entry in /etc/crontab (or a file in
/etc/cron.d) and specify the user to run as. See crontab(5).
Dave
More information about the clue-tech
mailing list