How does sudo work internally? How is it possible that it can become root without having the root password, unlike su? What syscalls, etc. are involved in the process? Is it not a gaping security hole in Linux (e.g. why couldn't I compile a heavily-patched sudo that just did whatever regular sudo did, but didn't ask for the unprivileged user's password)?
I have read login and su internals. I have also read How is sudo intended to be used? but despite the title, they mainly deal with the differences between su and sudo.
Best Answer
If you take a look at the executable sudo:
You'll notice that it carries the permission bits ---s--x--x. These can be broken down as follows:
So when a program has its setuid bit enabled (also referred to as SUID) it means that when someone runs this program it will run with the credentials of the user that owns the file, aka. root in this case.
Example
If I run the following command as user saml:
You'll notice that the execution of sudo actually is running as root:
setuid mechanism
If you're curious how SUID works take a look at man setuid. Here's an excerpt from the man page that explains it better than I could:
The key concept here is that programs have a real userid (UID) and an effective one (EUID). Setuid is setting the effective userid (EUID) when this bit is enabled.
So from the kernel's perspective it's known that in our example, saml is still the original owner (UID), but the EUID has been set with whomever is the owner of the executable.
setgid
I should also mention that when we're breaking down the permissions on the sudo command the second group of bits were for group permissions. The group bits also have something similar to setuid called set group id (aka. setgid, SGID). This does the same thing as SUID except it runs the process with the group credentials instead of the owner credentials.
References