Does bash explicitly allow commands like passwd, su, etc., to run in setuid while disabling other custom binaries?

Asked Mar 17 '24 at 11:16

Active Mar 17 '24 at 11:16

Viewed 25 times

I know that /bin/bash has certain built-in protections that prevent the abuse of the Set-UID mechanism. So if I create a custom binary and execute it, it won't run with SUID 0 (refer the below image). Then how does running passwd in bash shell runs with root privilege?

C code of system file in the above image:

#include <stdlib.h>
int main() {
    system("ls");
}

edited Mar 17 '24 at 11:16

asked Mar 17 '24 at 11:16

yellowspectre

2

Do not post images when plain text will do. – Bib Mar 17 '24 at 11:23
Bash ignores the setuid bit on itself. It doesn't care about the setuid bit of some random executable. – muru Mar 17 '24 at 11:39
system() runs /bin/sh, and if that's Bash, there's your issue. – ilkkachu Mar 17 '24 at 13:14
I'm not sure how many restrictions on setuid execution are implemented by Bash. I think most of them are implemented in the Linux kernel. – Sotto Voce Mar 17 '24 at 20:07

Does bash explicitly allow commands like passwd, su, etc., to run in setuid while disabling other custom binaries?

0 Answers0