Setuid does not work on executable

Tags: executable, permissions, setuid

I know that enabling setuid on scripts has security issues and so is inactive by default, but I expect that it works for executables.
I created an executable which shows the uid as output, following the instructions described in this post: Allow setuid on shell scripts

But it returns the same uid (1000) both before and after running sudo chmod +s ./setuid-test. I think this means that setuid does not have any effect on my executable. Why, and how do I solve this?

The source code:

#include <stdio.h>
#include <unistd.h>
int main(int argc, char** argv) {
    /* geteuid() returns uid_t; cast it for %d and end the output with a newline */
    printf("%d\n", (int)geteuid());
    return 0;
}

Built and run with

$ gcc -o setuid-test setuid-test.c
$ ./setuid-test
1000
$ sudo chown nobody ./setuid-test; sudo chmod +s ./setuid-test
$ ./setuid-test
1000

When running ls -la, this is what I get:

me@me:~$ ls -la setuid-test
-rwsrwsr-x 1 nobody me 8572 Aug 19 16:39 setuid-test

Best Answer

Most filesystems designed for Unix/Linux can be mounted with a nosuid attribute, which will prevent setuid or setgid binaries located on those filesystems from altering the effective uid or gid of a process. It's often used when mounting "untrusted" filesystems, those that are under the control of a non-administrator.

In your case, the filesystem you're using is type ecryptfs, which according to askubuntu: Error when running binary with root setuid under encrypted home directory enforces nosuid (and nodev) automatically, starting with the versions from a few years ago.

Here is a description of the reason for the change, from https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3409 :

Vincent Danen 2012-07-20 11:25:56 EDT
It was reported that the private ecryptfs mount helper (/sbin/mount.ecryptfs_private), which is setuid-root, could allow an unprivileged local user to mount user-controlled ecryptfs shares on the local system. Because the ecryptfs helper does not mount filesystems with the "nosuid" and "nodev" flags, it would be possible for a user to mount a filesystem containing setuid-root binaries and/or device files that could lead to the escalation of their privileges. This could be done via a USB device, if the user had physical access to the system.
...
Forcing MS_NOSUID and MS_NODEV mount flags was added to version 99.
