2

My question is about suid! The logic behind that is to grant root permission when a privileged command is executed by a user. For example, passwd has such a feature.

$ ls -l /usr/bin/passwd 
-rwsr-xr-x 1 root root 54224 Aug 21  2017 /usr/bin/passwd

I have written a piece of code which opens a zsh. So, I manually add suid to my executable.

$ chmod u+s myzs
$ ls -l myzs
-rwsr-xr-x 1 mahmood mahmood  7360 Jul  6 21:34 myzs

However, when I run the binary, the shell opens for the current user (me) and not the root. What is the difference between my binary file and passwd? Both have suid.

$ ./myzs 
% whoami
mahmood
Jeff Schaller
mahmood
  • 1
    If that could work, then there would be no point having root. Everyone would be root. See @nohillside's answer. Your understanding (in your first paragraph) is very slightly off. But in an important way. – ctrl-alt-delor Jul 06 '18 at 17:29
  • May be relevant https://unix.stackexchange.com/questions/101263/what-are-the-different-ways-to-set-file-permissions-etc-on-gnu-linux – ctrl-alt-delor Jul 24 '22 at 14:44

1 Answer

4

From man chmod

   4000    (the set-user-ID-on-execution bit) Executable files with this bit set 
           will run with effective uid set to the uid of the file owner. 

So you need to set the owner of the file to the user you want the binary to run under, e.g. by running

sudo chown root myzs
nohillside
  • That operation is not permitted by user. I wonder how some documents and videos on the web show that a user can open a root shell. Are they fake? – mahmood Jul 06 '18 at 17:31
  • 3
    @mahmood You need to be root to set file ownership to root, basically. Otherwise it would open quite a wide security hole (which running zsh as root probably does anyway but I hope you know what you are doing). – nohillside Jul 06 '18 at 17:32
  • Yes I am intentionally trying to open a root shell from my account. As I said there are videos and documents that show this is possible. I am not sure if that is OS specific. For example, Kali may allow that! – mahmood Jul 06 '18 at 17:34
  • @mahmood It will work once you have a setuided binary owned by root. The tricky part is getting that binary. – nohillside Jul 06 '18 at 17:42
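
As an added example (not part of the original question, answer or comments), this C program applies the rule from the `man chmod` excerpt to a file's mode and owner, showing why `myzs` owned by mahmood still runs as mahmood while `/usr/bin/passwd` owned by root runs as root. The names `euid_for` and `report` are hypothetical, and the check assumes nothing else (such as a `nosuid` mount) disables the bit.

```c
/* Added example: which effective UID does exec give a file? */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Effective UID after exec, derived from the file's mode and owner.
 * Simplification (assumption): ignores nosuid mounts and other
 * kernel conditions that make the set-user-ID bit inert. */
uid_t euid_for(mode_t mode, uid_t owner, uid_t caller)
{
    if (S_ISREG(mode) && (mode & S_ISUID))
        return owner;   /* bit 4000: run as the file owner */
    return caller;      /* no setuid bit: run as the caller */
}

/* Stat a path and report what the setuid bit does for this caller. */
int report(const char *path)
{
    struct stat st;
    uid_t me = getuid();

    if (stat(path, &st) != 0) {
        perror(path);
        return -1;
    }
    uid_t euid = euid_for(st.st_mode, st.st_uid, me);
    printf("%s: mode %04o owner uid %ld -> effective uid %ld%s\n",
           path, (unsigned)(st.st_mode & 07777), (long)st.st_uid,
           (long)euid, euid == me ? " (no change for this caller)" : "");
    return 0;
}

int main(int argc, char **argv)
{
    int rc = 0;
    /* e.g. ./suidcheck /usr/bin/passwd ./myzs */
    for (int i = 1; i < argc; i++)
        if (report(argv[i]) != 0)
            rc = 1;
    return rc;
}
```

Run against the two files from the question, it reports "no change for this caller" for a setuid binary the caller owns, which is the situation `whoami` showed.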