Thread: The origin/history of SUID's

  1. #1

    The origin/history of SUID's

    I have been looking for a while now and still can't find a good tutorial on what SUID is and how it can be used against you. I'm reading Hacking Linux Exposed at the moment and can't find anything on the topic. Could someone please point me in the right direction?!

    -xposed

  2. #2
    Senior Member | Join Date: Oct 2001 | Posts: 638
    I have been looking for a while now and still can't find a good tutorial on what SUID is and how it can be used against you. I'm reading Hacking Linux Exposed at the moment and can't find anything on the topic. Could someone please point me in the right direction?!
    OK, setuid programs are designed to run with higher privileges than the user who runs the program. The /etc/passwd executable is an example of this. An ordinary user runs this program, but this program effectively has to run as root because it needs to make changes to files such as /etc/shadow and /etc/shadow, which are only changeable by a superuser (i.e. root).

    So what happens if a setuid program crashes? Well, if it crashes before it has had a chance to change its privileges back down to the user's, there is a risk that the user might be able to exploit this to execute commands with the program's elevated privileges. A common example of this is a buffer overflow attack. The user passes a setuid program some evil code and it crashes the program and usually spawns a remote shell with the higher privileges of the setuid program. If the program happened to be running as root, guess what? The system has just been owned.
    OpenBSD - The proactively secure operating system.
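
An added example, not part of the thread or any poster's code: a defender's inventory of set-id files, since every setuid-root binary is a program where the failure described above ends in root. The `EXPECTED` allowlist and the function names are constructed for illustration; build the real list from a known-good install.

```python
import os
import stat
import sys

# Constructed allowlist for illustration; generate yours from a trusted baseline.
EXPECTED = {"/usr/bin/passwd", "/usr/bin/su", "/usr/bin/sudo"}


def describe(mode, uid):
    """Return risk labels for a file's st_mode and owner uid ([] if not set-id)."""
    if not stat.S_ISREG(mode) or not mode & (stat.S_ISUID | stat.S_ISGID):
        return []
    labels = []
    if mode & stat.S_ISUID:
        # setuid: the process runs with the file owner's uid, not the caller's.
        labels.append("setuid-root" if uid == 0 else "setuid")
    if mode & stat.S_ISGID:
        labels.append("setgid")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        # Someone other than the owner can replace the privileged code.
        labels.append("group/world-writable")
    return labels


def find_setid(root, expected=EXPECTED):
    """Walk root (symlinks not followed); return (path, labels, is_expected)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable entry; skip it
            labels = describe(st.st_mode, st.st_uid)
            if labels:
                findings.append((path, labels, path in expected))
    return sorted(findings)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr"
    for path, labels, ok in find_setid(root):
        print(("ok      " if ok else "REVIEW  ") + path + "  [" + ",".join(labels) + "]")
```

Anything printed as `REVIEW` is a set-id file outside the baseline and should be explained or have the bit removed.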

  3. #3
    Senior Member | Join Date: Apr 2002 | Posts: 366
