49.8. Care and Feeding of SUID and SGID Scripts
Scripts may need to run within a root
environment but be executed by system users other than root. To allow
a nonroot user or group of users to execute the script with those
privileges, its SUID or SGID bit can be set.
The SUID bit is set using the following command:
chmod u+s somefile
Running ls -l on the file afterwards displays
the following (within FreeBSD):
-rwSr--r-- 1 root somegroup 7219 Oct 29 2001 somefile
Now, any user can execute the file, and the file runs with root
permissions.
A more restricted version of SUID is SGID, set as follows:
-rwxr-Sr-- 1 root somegroup 7219 Oct 29 2001 somefile
Users belonging to the specified group, somegroup,
can execute the file now, and it runs with root permissions.
As handy as SUID and SGID scripts are, they are also dangerous. For
instance, SUID scripts are considered so dangerous that the Linux
kernel won't even honor them. This is because
environment variables are easily manipulated within scripts,
particularly C shell scripts, as discussed in Section 50.9. And since the scripts can be run by anybody,
and run as root, they represent extreme points of vulnerability.
To see where you have SUID and SGID scripts, use the following
command (pulled from the Linux Security HOWTO document at http://www.cpmc.columbia.edu/misc/docs/linux/security-howto.html):
find / -type f \( -perm -04000 -o -perm -02000 \)
To do a thorough scan, you need to have root permissions.
You'll be surprised at the number of applications
returned from the search. Among those in my FreeBSD system were:
/usr/virtual/share/usr/sbin/pstat
/usr/virtual/share/usr/sbin/swapinfo
/usr/virtual/share/usr/sbin/sliplogin
/usr/virtual/share/usr/sbin/timedc
/usr/virtual/share/usr/sbin/traceroute
However, a quick check shows that the files -- sharable across
different FreeBSD installations -- are all SGID: not as dangerous
as SUID files, as long as the group is restricted.
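The following is an added example, not part of the original section: a small POSIX sh helper that reads ls -l mode strings like the ones shown above and reports which set-id bits they carry, flagging the capital-S case (set-id bit present but the matching execute bit absent). The ls -l lines it is fed are constructed samples, not output from any real host; on a live system the audit command is the find from the section above.

```shell
#!/bin/sh
# classify_mode: take a 10-character ls -l mode string (e.g. -rwsr-xr-x)
# and print one of: none, suid, sgid, suid+sgid. Appends " (no-exec)"
# when a set-id bit is set but the matching execute bit is not, which
# ls shows as a capital S (the -rwSr--r-- case above).
classify_mode() {
    mode=$1
    u=$(printf '%s' "$mode" | cut -c4)   # owner execute position
    g=$(printf '%s' "$mode" | cut -c7)   # group execute position
    result=""
    noexec=""
    case $u in
        s) result="suid" ;;
        S) result="suid"; noexec=" (no-exec)" ;;
    esac
    case $g in
        s) result="${result:+$result+}sgid" ;;
        S) result="${result:+$result+}sgid"; noexec=" (no-exec)" ;;
    esac
    printf '%s%s\n' "${result:-none}" "$noexec"
}

# On a live system, feed the section's find command into the classifier
# (a full scan needs root):
#   find / -type f \( -perm -04000 -o -perm -02000 \) -exec ls -l {} \; \
#     | while read -r m l o gr s mo d y p; do classify_mode "$m"; done
# audit_sample: constructed ls -l lines (not real output) run through
# classify_mode, printing mode, owner, group, classification and path.
audit_sample() {
    while read -r mode links owner group size mon day year path; do
        printf '%-10s %-6s %-10s %-16s %s\n' \
            "$mode" "$owner" "$group" "$(classify_mode "$mode")" "$path"
    done <<'EOF'
-rwsr-xr-x 1 root wheel 7219 Oct 29 2001 /usr/bin/example-passwd
-rwxr-sr-x 1 root kmem 7219 Oct 29 2001 /usr/sbin/example-pstat
-rwSr--r-- 1 root somegroup 7219 Oct 29 2001 /tmp/somefile
-rwsr-sr-x 1 root wheel 7219 Oct 29 2001 /tmp/both-bits
EOF
}

audit_sample
```

Files classified as suid with a restricted group are the ones to review first; a "(no-exec)" result means the bit is set on something that cannot run as-is, which is usually a chmod mistake worth cleaning up.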
-- SP
Copyright © 2003 O'Reilly & Associates. All rights reserved.