0

As an experiment in playing with the suid bit, I tried writing a script to run apt-get update from a bash script, and then set the suid bit on it, so I could just run ~/update or something.

apt-get update could be anything here - some program that listens on a privileged socket, or writes to / or anything else that has to be run as root. Please don't latch on to apt-get update here.

First try is this, which didn't work, failing with "can't get lock, are you root?". The reason would seem to be "Setuid bit seems to have no effect on bash".

#!/bin/bash
apt-get update

So I thought I'd try to bypass the shell, but this didn't work either, for the same reason.

#!/usr/bin/perl
system("apt-get", "update");

I've got the permissions correct (afaik) - sudo chmod 4755 ~/update.

Have I misunderstood setuid, or am I just missing something simple?

Squidly
  • See sudo strace -fe execve apt-get update, how many of those applications do you think are safe in a privilege escalation context with untrusted environment? Don't use setuid for that, you need to isolate the client. Provide with a service instead (where apt-get is run in a trusted context upon the client's request, instead of apt-get being called in the client's context). Could be as simple as using inetd – Stéphane Chazelas Mar 17 '15 at 15:34
  • @StéphaneChazelas I'm just using apt-get update as the first thing that came to mind that required sudo. The problem is the suid bit, not the practical value of the script. – Squidly Mar 17 '15 at 17:10
  • @MrBones, and I'm saying that only small, heavily reviewed, very safe sections of code should run with setuid. A shell or generic interpreter like perl, let alone apt-get, let alone a shell script don't fall in that category. At least you can make it a bit safer by using sudo that does a bit of sanitizing on the environment. Best is to use a service approach. setuid should only be considered as the last-resort approach. – Stéphane Chazelas Mar 17 '15 at 17:17
  • But how am I supposed to learn using the suid bit if you shut down my questions when I attempt to experiment with it? If I say I'm mucking around in a VM, will that satisfy you? – Squidly Mar 17 '15 at 17:20

2 Answers

1

The suid bit is disabled for scripts in most Linux and Unix distributions because it opens several security holes.

However, native commands and binary executables can be used with the suid bit.

jcbermu
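A compiled wrapper of the kind this answer describes (a native binary carrying the suid bit), given here as an added example and not code from any poster on this page. The apt-get path and the environment values are assumptions; the wrapper passes through no caller-controlled arguments or environment, which is the concern raised in the comments above.

```c
/* Added example: minimal setuid-root wrapper around one fixed command.
 * Install as root: cc -O2 -o update update.c
 *                  chown root:root update && chmod 4755 update */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed target path and environment: nothing comes from the caller. */
static char *const TARGET_ARGV[] = { "/usr/bin/apt-get", "update", NULL };
static char *const CLEAN_ENV[] = {
    "PATH=/usr/sbin:/usr/bin:/sbin:/bin", "LANG=C", NULL
};

/* Return 1 if variable `name` is set in the NULL-terminated env, else 0. */
int env_has(char *const env[], const char *name) {
    size_t n = strlen(name);
    for (size_t i = 0; env[i] != NULL; i++)
        if (strncmp(env[i], name, n) == 0 && env[i][n] == '=')
            return 1;
    return 0;
}

/* Return 1 only for a regular file owned by root that group and others
 * cannot write; anything else could be replaced by an unprivileged user. */
int target_is_trusted(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0)
        return 0;
    return S_ISREG(st.st_mode) && st.st_uid == 0
        && (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

int main(void) {
    if (!target_is_trusted(TARGET_ARGV[0])) {
        fprintf(stderr, "refusing to run %s\n", TARGET_ARGV[0]);
        return 1;
    }
    /* The suid bit only sets the effective uid. Set the real and saved
     * ids as well, so children that compare uid and euid see root. */
    if (setgid(0) != 0 || setuid(0) != 0) {
        perror("setgid/setuid");
        return 1;
    }
    execve(TARGET_ARGV[0], TARGET_ARGV, CLEAN_ENV); /* fixed argv and env */
    perror("execve");
    return 1;
}
```

Supplementary groups are left as inherited here; a wrapper meant for real use would also reset them with setgroups().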
0

For this to work, try

cp /bin/bash /bin/mybash
chmod 4755 /bin/mybash 

and use /bin/mybash as the shebang (#!/bin/mybash on the first line) for your script.

You should avoid this on production systems.

Archemar