开发者

Semantics of SUID (Set-User-ID)

开发者 https://www.devze.com 2023-02-21 20:00 出处:网络
it seems that I have some trouble understanding the semantics of the SUID bit, perhaps someone can help me clarify the situation.

it seems that I have some trouble understanding the semantics of the SUID bit, perhaps someone can help me clarify the situation.

My understanding of the semantic of the SUID bit are as follows: When I set the SUID bit with a file, then the file will be executed as the owner of the file and not as the caller of the file. So to test this behavior I wrote the following python script:

#!/usr/bin/python3 -O

import os

def main():
        print('Real UserID: %d' % os.getuid())
        print('Effective UserID: %d' % os.geteuid())

if __name__ == '__main__':
        main()

After that I created a user named "testuser" with the corresponding group "testuser" and adjusted the file permissions (chown testuser file, chgrp testuser file, chmod u+s,g+x file). Next I added my main user to the "testuser" group so that I can execute the file as a member of the group. After all that the file permissions looked like this:

-rwsr-xr-- 1 testuser testuser  168 2011-04-02 13:35 procred.py*

So when I am login as the testuser the script produces the output:

Real UserID: 1001
Effective UserID: 1001

...and when I run the script as my main user the script outputs:

Real UserID: 1000
Effective UserID: 1000

N开发者_JS百科ow as of my understanding the script should have run as the user with the uid 1001 (the owner of the file) in the latter execution. Am I getting the whole concept wrong or where is my mistake?


Setting the SUID bit on a *.py file does not help in any way here since the script is executed by the Python interpreter which must be set SUID in this case. Using 'sudo' is your better friend here.


Setting SUID does not work for scripts, because the kernel sees the #! (shebang - magic number 0x23 0x21 - man magic) and drops the privileges before calling the interpreter /usr/bin/python with the script as input. A way around is setting the python interpreter SUID root and add functionality to change privileges to the user owning the script before executing the script, in case SUID bit is set. Doing this in a naive way will impose security problems. How to do it in a smart way can be found here: http://perldoc.perl.org/perlsec.html

Additional Links:

  • http://www.in-ulm.de/~mascheck/various/shebang/
  • https://unix.stackexchange.com/questions/364/allow-setuid-on-shell-scripts


I found this link in the web. you can set SUID to this wrapper and use this one. but personally prefer sudo solution. ;)

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号