

setuid and setgid




Posted by msti, 02-24-2008, 02:34 PM
After reading this article on intruder detection I came across setuid and setgid. Can someone please explain what exactly setuid/setgid is, why it is bad, and how this can be exploited to gain root access? This is what I got when running this command on my system (/media/oldhd is the old drive which was compromised):

Posted by Tim Greer, 02-24-2008, 03:00 PM
setuid means that a script, if executable by other users and if it's exploitable, will run as that user (uid, user id). setgid is similar, in that it will run as the group (gid, group id). So, if a file is setuid to root and is vulnerable, a normal user can run and exploit it and it will run as the root user. setuid or setgid as a normal user (or non-privileged user) will not really pose a threat (except to that user). Some binaries (i.e., /bin/su) need setuid for root or the command won't work and allow you to su to another user (or to root). Many people solve problems like that by setting the file to remove world/other from access (i.e., chmod 4750), and set the group to "wheel". Then, you list the people you want to allow to su to root by adding them to the wheel group. This limits who can access the file. On other files you want to remove this, as it's sometimes not needed.
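A way to audit for the cases the answer distinguishes, as an added example that is not part of the original thread: it lists setuid/setgid files under a directory and labels root-owned setuid files by whether "other" can still execute them (the situation `chmod 4750` plus a restricted group removes). The function names and labels are made up for this example, and it assumes GNU `stat` on Linux.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (-c) and find on Linux.

# classify_mode MODE OWNER_UID
# MODE is the octal mode as printed by `stat -c %a` (e.g. 4755, 2755, 755).
# If both setuid and setgid are set, the setuid label is reported.
classify_mode() {
    cm_mode=$((0$1))        # the leading 0 makes the shell parse the mode as octal
    cm_uid=$2
    if [ $((cm_mode & 04000)) -ne 0 ] && [ "$cm_uid" -eq 0 ]; then
        if [ $((cm_mode & 0001)) -ne 0 ]; then
            echo "root-setuid-world-exec"   # any local user can run it as root
        else
            echo "root-setuid-restricted"   # e.g. 4750: only owner and group can run it
        fi
    elif [ $((cm_mode & 04000)) -ne 0 ]; then
        echo "user-setuid"                  # runs as a non-root owner
    elif [ $((cm_mode & 02000)) -ne 0 ]; then
        echo "setgid"                       # runs with the file's group
    else
        echo "none"
    fi
}

# audit_tree DIR
# Prints "label<TAB>mode<TAB>path" for every setuid or setgid regular file
# under DIR, staying on one filesystem (-xdev).
audit_tree() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %u %n' {} + 2>/dev/null |
    while read -r at_mode at_uid at_path; do
        printf '%s\t%s\t%s\n' \
            "$(classify_mode "$at_mode" "$at_uid")" "$at_mode" "$at_path"
    done
}

# Run the audit when a directory is given on the command line.
if [ $# -gt 0 ]; then
    audit_tree "$1"
fi
```

Files labelled `root-setuid-world-exec` are the ones to review first: either the bit is not needed, or access can be narrowed to a group as the answer describes.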


