Friday, June 25, 2010

setuid

The setuid system call sets the effective user ID of the calling process. Some system calls require a privileged user. Linux has implemented POSIX.1e capabilities since kernel 2.2. Take a look at the ping program, which creates a raw socket, an operation that requires the CAP_NET_RAW capability. Here are the permission attributes of this program.

[ajhwb@ajhwb-constantine ~]$ ls -l $(which ping)
-rwsr-xr-x. 1 root root 41976 2010-05-11 21:03 /bin/ping


[ajhwb@ajhwb-constantine ~]$ stat --printf="owner permission:%a uid:%U gid:%G\n" $(which ping)
owner permission:4755 uid:root gid:root


Look at the owner permission mode: rws (4755) sets the setuid bit, so the calling process runs with the user ID of the file's owner (root). An unprivileged user can therefore run this program with root privilege, which it needs in order to create the raw socket. So any setuid program must be carefully designed to prevent exploitation.
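One common way to design such a program, shown here as an added example (it is not ping's source code, and the function names open_raw_icmp and drop_privileges are made up for illustration): do the single privileged operation first, then give up root permanently and verify that it cannot be regained before handling any user input.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

/* Privileged step: a raw ICMP socket needs root or CAP_NET_RAW.
 * Returns the descriptor, or -1 when the caller is not permitted. */
int open_raw_icmp(void)
{
    return socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
}

/* Permanently return to the invoking user's IDs. The group goes first:
 * once the effective UID is no longer 0, setgid() would be refused.
 * Returns 0 on success, -1 if a step fails or the drop is reversible. */
int drop_privileges(void)
{
    uid_t ruid = getuid();   /* real IDs = the user who ran the program */
    gid_t rgid = getgid();

    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Verify: a non-root caller must not be able to get root back. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    return 0;
}

int main(void)
{
    int fd = open_raw_icmp();       /* the one thing that needs root */
    if (drop_privileges() != 0) {   /* shed root before anything else */
        fprintf(stderr, "could not drop privileges, aborting\n");
        return 1;
    }
    if (fd < 0) {
        fprintf(stderr, "no raw socket (binary not setuid root?)\n");
        return 1;
    }
    printf("raw socket fd=%d, uid=%d euid=%d\n",
           fd, (int)getuid(), (int)geteuid());
    close(fd);
    return 0;
}
```

Run without the setuid bit, the program reports that no raw socket is available; installed root-owned with mode 4755, it keeps the socket but prints the same value for uid and euid.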

Linux capabilities FAQ: http://pastebin.com/raw.php?i=3SbfSN8s