Mailinglist Archive: opensuse (4749 mails)

Re: [SLE] Root PATH
  • From: Thomas Jones <thomas.jones@xxxxxxxxxxxxxxxx>
  • Date: Sun, 11 May 2003 19:04:40 -0500
  • Message-id: <200305111904.40054.thomas.jones@xxxxxxxxxxxxxxxx>
On Sunday 11 May 2003 18:18, Anders Johansson wrote:
> I was thinking more along the lines of
>
> cp /bin/bash /tmp/.hiddensuidbash
> chmod u+s /tmp/.hiddensuidbash
>

How did you get suid? Myself, as a normal user, can only execute files that
are already suid of the root UID of 0. Wouldn't a user have to be root
already to suid a file under the root UID?

Question: Unless a user scp or ftp's a file into /tmp already containing a
suid bit. But, does not the umask come into effect? All files that use a new
inode are queried against the umask of the parent directory and user
permissions. Right?

hhhmmm.......all the better reason to query a system for suid/sgid every week.

>
> You, as the system admin, are logged in as root. Casually, you go to /tmp
> to copy some backup you've just restored (or whatever).
>

I don't login as root. I learned that the hard way. ;)

> cd /tmp
> cp /mnt/nfsshare/myBackUp .
>
> which cp will be executed?

/bin/cp

> Which will be executed if you run ./cp ? I think
> there's a difference. If you actually type out ./ there's a good chance you
> know which binary you're running.

/tmp/cp

It seems to be exactly the same end. Regardless of what commands are taking
place. You must still obtain UID status to run them, or as you already stated
use suid/sgid bits.

The scenario that I remember is that a user was tricked into entering the
directory and calling upon the "new" binary. This in effect..would do as you
state. But, then again how many newbies out there check the source, or
understand the code enough to see these.

Nevertheless, it is the default on my systems to mount the /tmp and /home
partitions as "nosuid". Which nullifies your intentions. I would hope that
you do the same. In the end, it will save you an infinite amount of trouble.

Very good point though, Anders. You have done your homework ----- I applaud
you. BTW...I believe that the package "harden_suse" does this for you --- as
well as many other recommended procedures. Anyways, it is all in the Linux
System Administrators Guide (LASG) ------- if anyone is interested.

;) Hopefully, some of the newbies have learned something from our discussion.

--
Thomas Jones
Linux-Howtos Administrator
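
The checks discussed in this message (PATH entries that resolve against the current directory, the nosuid option on /tmp and /home, and the periodic suid/sgid query), as an added example that is not part of the original post. It assumes a Linux /proc/mounts; the function names are chosen here for illustration.

```shell
#!/bin/sh
# Added example; function names are illustrative, /proc/mounts layout assumed.

# Print PATH entries that resolve against the current directory:
# ".", an empty entry (leading, trailing or doubled colon), or a relative path.
path_unsafe_entries() {
    rest="$1:"                       # trailing colon keeps a final empty entry
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case "$entry" in
            /*) ;;                   # absolute path: not affected by cwd
            "") echo "(empty)" ;;    # empty entry means the current directory
            *)  echo "$entry" ;;     # "." or any other relative entry
        esac
    done
}

# Succeed if mount point $2 carries the nosuid option in the
# /proc/mounts-format file $1 (device mountpoint fstype options ...).
has_nosuid() {
    awk -v mp="$2" '
        $2 == mp { found = 0; n = split($4, opt, ",")
                   for (i = 1; i <= n; i++) if (opt[i] == "nosuid") found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# List regular files below $1 (same filesystem) with setuid or setgid set.
find_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Report for the local system.
for mp in /tmp /home; do
    has_nosuid /proc/mounts "$mp" || echo "$mp: no nosuid option (or not a separate mount)"
done
find_suid /tmp
path_unsafe_entries "$PATH"
```

Run from cron, the output can be diffed against the previous run so that a newly appearing suid/sgid file or a changed mount option stands out.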
