Re: SUID program removal

From: Jason Giglio (jgiglio@smythco.com)
Date: 10/22/01


Date: Mon, 22 Oct 2001 14:26:25 -0400
From: Jason Giglio <jgiglio@smythco.com>
To: Seth Arnold <sarnold@wirex.com>, focus-linux@securityfocus.com
Subject: Re: SUID program removal
Message-Id: <20011022142625.276d0806.jgiglio@smythco.com>

Seth wrote:
> > What's the point of 511 rather than 500?
>
> Sometimes, one wants standard users to be able to execute the setuid
> programs. After all, if one didn't want anyone but root to run the
> program, it doesn't really need the setuid bit anyway, does it? :)

Just to end this part of this thread, the reason I asked that was I was under the erroneous impression that one could not execute what one could not read.

It is somewhat true with #! scripts, but Charles Clancy showed me how that can be done also, using setuid bits, and Paul Timmins pointed out that kernel-run binaries don't ever need the read bit set to be able to execute.

Now I just need to hunt down the authors of the book where I read the gross oversimplification that led me to this belief. Kochan and Wood, I'm looking for you! :)

--Jason
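
The 511-versus-500 distinction discussed in this thread, as an added example that is not part of the original message: a small audit that labels each setuid file by what non-owners may do with it. The function names, labels and the default `/usr/bin` path are assumptions made for illustration.

```python
import os
import stat
import sys

def classify(mode, is_script=False):
    """Label a setuid regular file by what group/other may do with it."""
    if not stat.S_ISREG(mode) or not mode & stat.S_ISUID:
        return None
    can_exec = bool(mode & (stat.S_IXGRP | stat.S_IXOTH))
    can_read = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    if not can_exec:
        return "owner-only"         # e.g. 4500: nobody but the owner can run it
    if can_read:
        return "readable"           # e.g. 4755: candidate for tightening to 4511
    if is_script:
        return "script-unreadable"  # the interpreter has to open a #! script
    return "exec-only"              # e.g. 4511: a binary runs without read access

def starts_with_shebang(path):
    """True if the file begins with '#!'; False if it does not or cannot be read."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"#!"
    except OSError:
        return False

def scan(root):
    """Yield (path, octal mode, label) for each setuid regular file under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue
            if classify(mode) is None:
                continue  # not a setuid regular file; never opened
            label = classify(mode, is_script=starts_with_shebang(path))
            yield path, oct(stat.S_IMODE(mode)), label

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"  # assumed default
    for path, mode, label in scan(root):
        print(f"{mode:>7}  {label:<18} {path}")
```

Run without root, a file whose first bytes cannot be read is treated as a binary, so the script check is only reliable when the auditor can read the files.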


