2

Same as topic.

I'm root. Then switch to user1 using

su - user1

Then execute command as root without sudo or suid/chmod. Is it possible?

One person probably did this but tells me it's a magic trick...

Paulo Tomé
  • 3,782
Rexikon
  • 21

1 Answer

2

This is not a huge security problem. The true problem is in how people erroneously think that su works.

su adds privileges to a login session. It does not take existing privileges away, or overlay existing processes, or create new login sessions. One can very simply suspend the child shell and go back to the parent one. Without the - one can even do this with the handy suspend command that is built-in to the C, Z, Korn, and Bourne Again shells. With it, suspension is an only slightly more difficult exercise in the use of the kill utility.

The architecture of dropping privileges is quite different. It involves chain-loading through programs such as setuidgid and not abusing su (or indeed sudo). su (and sudo) is for adding privileges, not dropping them.

Further reading

JdeBP
  • 68,745
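The chain-loading approach that the answer contrasts with su, as an added example (not part of the original answer, and not the daemontools setuidgid source). The names `dropexec`, `drop_privileges` and `drop_in_child` and the exit codes are assumptions made for this sketch.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Irreversibly become uid/gid. Returns 0 on success, -1 if the kernel refused
 * a call, -2 if the calls succeeded but the old identity is still reachable. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(1, &gid) == -1) return -1; /* shed root's supplementary groups */
    if (setgid(gid) == -1) return -1;        /* group before user: needs privilege */
    if (setuid(uid) == -1) return -1;        /* as root: real, effective, saved uid */
    if (uid != 0 && setuid(0) != -1) return -2;            /* must not get root back */
    if (getuid() != uid || geteuid() != uid) return -2;
    if (getgid() != gid || getegid() != gid) return -2;
    return 0;
}

/* Try the drop in a forked child so the caller keeps its own identity.
 * Returns 0 (dropped), 1 (kernel refused), 2 (reversible drop), 3 (fork/wait error). */
int drop_in_child(uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();
    if (pid == -1) return 3;
    if (pid == 0) {
        int r = drop_privileges(uid, gid);
        _exit(r == 0 ? 0 : (r == -1 ? 1 : 2));
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status)) return 3;
    return WEXITSTATUS(status);
}

/* usage: dropexec account program [args...]   (hypothetical tool name) */
int main(int argc, char **argv)
{
    struct passwd *pw;
    if (argc < 3) { fprintf(stderr, "usage: %s account program [args...]\n", argv[0]); return 100; }
    if ((pw = getpwnam(argv[1])) == NULL) { fprintf(stderr, "unknown account: %s\n", argv[1]); return 111; }
    if (drop_privileges(pw->pw_uid, pw->pw_gid) != 0) { fprintf(stderr, "cannot drop privileges\n"); return 111; }
    execvp(argv[2], argv + 2); /* overlay this process: no saved root uid survives in it */
    perror("execvp");
    return 111;
}
```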