Re: chmod u+s confusion

[David Fierbaugh <david@fierbaugh.org>]

I'd have to actually do a little playing around to make sure, but I believe 
that whoami is specifically written to NOT take SUID into account. It figures 
out exactly who ran the process which called it.

This prevents faking out whoami into saying everyone is root.

Why?
Let's say you have a script that runs whoami to determine what 
access/control/etc a user should be given. If an attacker could manage to 
fake whoami into always saying the user was root by using suid, then they now 
have administrative access to whatever that script does.

This would be a bad thing.

You might also want to take a look at /bin/id

--David

On Friday 07 April 2006 09:41, Chris Largret wrote:
> Hey,
>
> I've used chmod to set suid for a file before and thought I had a good
> grasp of how it worked. Recently I've found myself trying to set it for
> a script. Here's what I see ($ denotes user account, # is root):
>
> $ echo -e '#!/bin/sh\n\nwhoami'>whoami.sh
> # chown root:root whoami.sh
> # chmod 4755 whoami.sh
> $ ./whoami.sh
> chris
> # chmod u+s `which whoami`
> $ whoami
> root
>
> [Note: u+s is equivalent to 4xxx, sorry for the change-up]
>
> So... why doesn't this make whoami.sh run the 'whoami' program as root?
> It's worked for the programs whoami, and is a common mode set on
> cdrecord.
>
> Thanks for your help (and enlightenment).
>
> --
> Chris Largret <http://daga.dyndns.org>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs