-2

I know about the setuid bit on the /bin/passwd file, which allows us (non-root users) to run that command as the root user. Running the passwd command requires root permissions to change the /etc/shadow file.

My question is: if I am running the passwd command as root, why can't I change the password of root, since I am root while I am running that command?

edward@ArchLinux:~$ passwd root
passwd: You may not view or modify password information for root.

Is it the passwd command that does not allow a non-root user to change the password? Can I write a malicious passwd command with the setuid bit that can change any user's password?

(Logically I know that this would be disastrous, but I want to know how this works in the background.)

Alex Jones

1 Answer

3

passwd(1) checks the credentials of whoever invokes it, and if that isn't root it doesn't allow changing the relevant entries for other users.

The scenario you describe is exactly the reason why SUID/SGID programs have to be written with the utmost care, to avoid the possibility of them being tricked into doing something unexpected, or compromised in some way.

vonbrand
  • But I can write a malicious passwd command and let a non-root user change anyone's password, right? – Alex Jones Feb 04 '16 at 13:06
  • 2
    @edwardtorvalds yes, but to do that you need to already have root access so the point is moot. If you have root access you can do pretty much anything anyway. – terdon Feb 04 '16 at 13:23
  • @terdon I am well aware of that sir, but the point was how can setuid be exploited if not used carefully – Alex Jones Feb 04 '16 at 13:33
  • 2
    @edwardtorvalds OK, but that's not a valid example of it. And it's also not what your question was about. Sure, you can create a malicious anything if you have root access and then make it SUID. However, doing so requires root access so the danger is not so much in allowing SUID programs but in permitting users to obtain root access. – terdon Feb 04 '16 at 13:36
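
The check the answer describes, sketched as an added example (not code from the thread and not the actual passwd source): a setuid-root program runs with effective UID 0 for every caller, but getuid() still returns the invoking user's real UID, and the decision is made on that. The function names may_modify and check_request are hypothetical.

```c
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical policy helper: decide on the REAL uid (the invoker),
 * never on the effective uid, which is 0 for every caller of a
 * setuid-root binary. */
int may_modify(uid_t real_uid, uid_t target_uid)
{
    if (real_uid == 0)
        return 1;                     /* genuine root: any account */
    return real_uid == target_uid;    /* everyone else: own entry only */
}

/* Hypothetical wrapper: 1 = allowed, 0 = refused, -1 = unknown user. */
int check_request(const char *target_name)
{
    uid_t ruid = getuid();    /* who started the program */
    uid_t euid = geteuid();   /* 0 when the setuid-root bit applies */
    struct passwd *pw = getpwnam(target_name);

    if (pw == NULL)
        return -1;
    fprintf(stderr, "real uid=%ld effective uid=%ld target uid=%ld\n",
            (long)ruid, (long)euid, (long)pw->pw_uid);
    return may_modify(ruid, pw->pw_uid);
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s USER\n", argv[0]);
        return 2;
    }
    int ok = check_request(argv[1]);
    if (ok < 0) {
        fprintf(stderr, "unknown user %s\n", argv[1]);
        return 1;
    }
    if (!ok) {
        /* Message text as quoted in the question. */
        fprintf(stderr, "You may not view or modify password information for %s.\n", argv[1]);
        return 1;
    }
    puts("request would be allowed");
    return 0;
}
```

Run without the setuid bit, the real and effective UIDs are the same; the two differ only when the binary is owned by root and installed setuid, which itself requires root.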