I'm trying to check how the SUID works, and I have created a binary with the shc compiler from this script:
#!/bin/bash
echo "I'm the script"
sleep 5
cat /srv/test/secret
The binary is owned by user kali (/usr/bin/hehe). I added execution permissions and the SUID bit.
.rwsrwxr-x kali kali 15 KB Fri Feb 9 00:49:58 2024 /usr/bin/hehe
I'm trying to execute it with franlol user.
As far as I understand, with the s bit, the file should be run by the user kali because he is the owner, even if it is executed by user franlol.
Why the binary/script cannot do the cat to a file owned by the same user than the binary owner?
What is not correct in this flow?
┌──(franlol㉿kali)-[~]
└─$ lsa -l /srv/test/secret
.rwx------ kali kali 26 B Fri Feb 9 00:46:01 2024 /srv/test/secret
┌──(franlol㉿kali)-[~]
└─$ lsa -l /usr/bin/hehe
.rwsrwxr-x kali kali 15 KB Fri Feb 9 00:49:58 2024 /usr/bin/hehe
┌──(franlol㉿kali)-[~]
└─$ hehe
I'm the script
cat: /srv/test/secret: Permission denied
Also, while the execution is doing the 5s sleep, If I do a ps aux | grep hehe I see that the execution user is not Kali, and as far as I understand, if the hehe script is owned by the user kali, it should be run by the same owner.
nosuidoption? – waltinator Feb 09 '24 at 00:22