Understanding Root Owned Programs with Setuid Bit

pingprivilegesprocessSecuritysetuid

Ping is a a program owned by root with the user id bit set.

$ ls -l `which ping`
-rwsr-xr-x 1 root root 35752 Nov  4  2011 /bin/ping

As I understand it, if a user runs the ping process, then the effective user id will change from the real user id (i.e. the user id of the person who launched the process) to the user id root. However when I try this and look at the output of ps to see if the ping process is running as the root user, I still get the real user id showing.

ps -e -o user,ruser,euser,cmd,args | grep ping
sashan   sashan   sashan   ping -i 10 -c 1000 www.goog ping -i 10 -c 1000 www.google.com

Best Answer

ping needs root so it can open a socket in raw mode. That's literally the first thing it does when it starts up:

icmp_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
socket_errno = errno;

That's the only thing it needs root for, so like many programs, it immediately drops its privilege level back to your normal user account:

uid = getuid();
if (setuid(uid)) {
    perror("ping: setuid");
    exit(-1);
}

Related Solutions

Linux – What causes /proc//* resources to become owned by root, despite the procs being launched as a normal user

Linux has a system call, which will change the dumpable flag. Here is some example code, which I wrote several years ago:

#include <sys/prctl.h>
...
/* The last three arguments are just padding, because the
 * system call requires five arguments.
 */
prctl(PR_SET_DUMPABLE,1,42,42,42);

It may be that gnome-keyring-daemon deliberately set the dumpable flag to zero for security reasons.

Sudo Command – Which User’s Password Does Sudo Ask For?

In its most common configuration, sudo asks for the password of the user running sudo (as you say, the user corresponding to the process’ real user id). The point of sudo is to grant extra privileges to specific users (as determined by the configuration in sudoers), without those users having to provide any other authentication than their own. However, sudo does check that the user running sudo really is who they claim to be, and it does that by asking for their password (or whatever authentication mechanism is set up for sudo, usually using PAM — so this could involve a fingerprint, or two-factor authentication etc.).

sudo doesn’t necessarily grant the right to become root, it can grant a variety of privileges. Any user allowed to become root by sudoers can do so using only their own authentication; but a user not allowed to, can’t (at least, not by using sudo). This isn’t enforced by Linux itself, but by sudo (and its authentication setup).
sudo does indeed ask for the password after it’s started running; it can’t do otherwise (i.e. it can’t do anything before it starts running). The point of sudo asking for the password, even though it’s root, is to verify the running user’s identity (in its typical configuration).

Best Answer

Related Solutions

Linux – What causes /proc//* resources to become owned by root, despite the procs being launched as a normal user

Sudo Command – Which User’s Password Does Sudo Ask For?

Related Question