- 11-18-2010 #1
A simple question about suid
I was just curious to know: if I run a program which runs suid as root, and it crashes, what are my access rights at that point? Am I still root or do I go back to being myself as soon as the program is no longer running?
"I'm just a little old lady; don't try to dazzle me with jargon!"
- 11-21-2010 #2
- 11-21-2010 #3 Linux Guru
- Join Date
- Apr 2009
- Location
- I can be found either 40 miles west of Chicago, or in a galaxy far, far away.
- Posts
- 10,141
However, since the program is running as root, if it spawns a new shell, I think that will run as root also. For example, it could spawn an xterm as a nohup'd background process with its output on a remote system, giving someone root access to your system. Then, if the program crashes or is killed, the spawned xterm/shell will continue to run. The lesson here is that one should be VERY careful what is tagged suid-root.
Sometimes, real fast is almost as good as real time.
Just remember, Semper Gumbi - always be flexible!
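One way to act on the lesson in the post above, as an added example that is not part of the original thread: a shell audit that lists setuid files under a directory and reports any that are not on a reviewed allowlist. It assumes GNU find and stat; the function names and the allowlist format (one absolute path per line) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit setuid files against a reviewed allowlist.
# Assumes GNU find/stat. Function names and allowlist format are hypothetical.

# list_suid DIR
# Print "owner mode path" for every regular file under DIR with the setuid bit.
list_suid() {
    find "$1" -xdev -type f -perm -4000 -exec stat -c '%U %a %n' {} + 2>/dev/null
}

# unexpected_suid DIR ALLOWLIST [UID]
# Print setuid files owned by UID (default 0, i.e. root) whose exact path is
# not listed in ALLOWLIST. Prints nothing when every file is accounted for.
unexpected_suid() {
    [ -r "$2" ] || { echo "allowlist not readable: $2" >&2; return 2; }
    find "$1" -xdev -type f -user "${3:-0}" -perm -4000 2>/dev/null |
        grep -vxF -f "$2" || true
}

# audit_suid DIR ALLOWLIST [UID]
# Exit status: 0 = nothing unexpected, 1 = unexpected setuid files, 2 = error.
audit_suid() {
    found=$(unexpected_suid "$@") || return 2
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found" | sed 's/^/unexpected setuid file: /'
    return 1
}

# Stand-alone use: sh audit.sh /usr /etc/suid.allow
if [ "$#" -ge 2 ]; then
    audit_suid "$@"
    exit $?
fi
```

Run from cron or a configuration-management check, a non-zero exit status signals that a setuid-root file has appeared since the allowlist was last reviewed.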
- 11-23-2010 #4
That's also a good reason not to give people sudo access to programs like vi that can spawn shells. But I had something a bit different in mind.
You read a lot about exploits in which crackers crash a server program by overloading its input buffers. I just wondered how this worked and whether crashing a program that is running with root permissions can in itself give you root access.
PS I hope it's not against forum rules to tell me!
- 11-23-2010 #5 Linux Guru
Not against the rules to discuss theory. I just don't think it would be good practice to provide functional code. Anyway, a lot of Linux and Unix services have to run as root, even such tools as 'passwd', which is suid-enabled because it has to update such files as /etc/shadow. So, daemons such as sshd, xinetd, ftpd CAN be vulnerable to remote buffer overflow attacks and grant the attacker root privileges. However, once logged in as a normal user, buffer overflow errors in non-suid programs generally cannot elevate your privileges.