Set-UID & Set-GID Binaries

When talking about "set-uid binaries", people are actually referring to any binary file that has the filesystem's setuid bit set. There is nothing special about the binary itself, but when the operating system runs the program, it changes the access rights to match the owner of the file instead of using the permissions granted to the user running the program. This allows normal users to make changes to system files; one such use is to allow users to change their password. The same thing can be done with the set-gid bit, only it grants access equivalent to the group that owns the file.

While set-uid and set-gid are useful and even required features in a Unix operating system, they can cause trouble. Because the binaries are run with elevated privileges, special care must be taken to ensure that the code inside the program cannot be subverted by the user to do something it was not intended to do. For examples of the types of problems that can be caused by set-uid binaries, take a look at our article on vulnerabilities.
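Because the privilege comes from a mode bit and the file's owner, not from the program itself, an administrator can inventory these files by reading file metadata. The script below is an added example, not part of the original article; the function names and the default path /usr/bin are assumptions chosen for illustration.

```python
import os
import stat
import sys

def describe_mode(mode, uid, gid):
    """Findings for one file's st_mode/st_uid/st_gid; [] if not set-uid/set-gid."""
    if not stat.S_ISREG(mode):
        return []  # on directories the set-gid bit has a different meaning
    findings = []
    if mode & stat.S_ISUID:
        findings.append(f"set-uid: runs with the rights of owner uid {uid}")
    # Set-gid only changes the effective group when the file is group-executable.
    if mode & stat.S_ISGID and mode & stat.S_IXGRP:
        findings.append(f"set-gid: runs with the rights of group gid {gid}")
    # A privileged binary that non-owners can modify deserves a closer look.
    if findings and mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("WARNING: writable by group or others")
    return findings

def scan(root):
    """Walk root and return {path: (permission string, findings)}."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: report the link itself, not its target
            except OSError:
                continue  # unreadable or vanished entry
            findings = describe_mode(st.st_mode, st.st_uid, st.st_gid)
            if findings:
                results[path] = (stat.filemode(st.st_mode), findings)
    return results

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"  # assumed default
    for path, (perms, findings) in sorted(scan(root).items()):
        print(perms, path)
        for finding in findings:
            print("   ", finding)
```

In the permission string, an "s" in the owner's execute position marks set-uid and an "s" in the group's execute position marks set-gid.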