I was experimenting a bit and noticed something strange: setting the setuid bit on a copy of bash located at /usr/bin/bash-test
seemed to have no effect. When I ran an instance of bash-test
, my home directory was not set to /root
and when I ran the whoami
command from bash-test
, my username was not reported as being root
, suggesting that bash-test
was not running as root. However, if I set the setuid bit on whoami
, I was reported as being root in any shell, as expected.
I tried setting the setuid bit on /usr/bin/bash
as well and observed the same behavior.
Why is bash not running as root when I set the setuid bit on it? Could selinux have something to do with this?
Best Answer
The explanation is kind of annoying: bash itself is the reason.
strace
is our friend (must be SUID root itself for this to work):bash detects that it has been started SUID root (UID!=EUID) and uses its root power to throw this power away, resetting EUID to UID. And later even FSUID, just to be sure...:
In the end: no chance. You have to start bash with UID root (i.e. sudo).
Edit 1
The man page says this:
But this does not work for me.
-p
isn't even mentioned among the startup options. I also tried--posix
; didn't work either.