2

My question is about suid! The logic behind that is to grant root permission when a privileged command is executed by a user. For example, passwd has such a feature.

$ ls -l /usr/bin/passwd 
-rwsr-xr-x 1 root root 54224 Aug 21  2017 /usr/bin/passwd

I have written a piece of code which opens a zsh. So, I manually add suid to my executable.

$ chmod u+s myzs
$ ls -l myzs
-rwsr-xr-x 1 mahmood mahmood  7360 Jul  6 21:34 myzs

However, when I run the binary, the shell opens for the current user (me) and not the root. What is the difference between my binary file and passwd? Both have suid.

$ ./myzs 
% whoami                                                                                       
mahmood
2
  • 1
    If that could work, then there would be no point having root. Everyone would be root. See @nohillside's answer. Your understanding (in your first paragraph) is very slightly off. But in an important way. Commented Jul 6, 2018 at 17:29
  • May be relevant unix.stackexchange.com/questions/101263/… Commented Jul 24, 2022 at 14:44

1 Answer

4

From man chmod

   4000    (the set-user-ID-on-execution bit) Executable files with this bit set 
           will run with effective uid set to the uid of the file owner. 

So you need to set the owner of the file to the user you want the binary to run under, e.g. by running

sudo chown root myzs
4
  • That operation is not permitted by user. I wonder how some documents and videos on the web show that a user can open a root shell. Are they fake? Commented Jul 6, 2018 at 17:31
  • 3
    @mahmood You need to be root to set file ownership to root, basically. Otherwise it would open quite a wide security hole (which running zsh as root probably does anyway but I hope you know what you are doing). Commented Jul 6, 2018 at 17:32
  • Yes I am intentionally trying to open a root shell from my account. As I said there are videos and documents that show this is possible. I am not sure if that is OS specific. For example, Kali may allow that! Commented Jul 6, 2018 at 17:34
  • @mahmood It will work once you have a setuided binary owned by root. The tricky part is getting that binary. Commented Jul 6, 2018 at 17:42
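
The rule quoted from man chmod, applied to the two listings in the question, as an added example in C (not code from the question, the answer, or any project). The function names `euid_after_exec` and `setuid_root` are hypothetical, and the model is deliberately simplified to the owner rule alone.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Effective uid after exec, following the chmod(1) text quoted in the answer:
 * with the 4000 bit set the process runs as the file's OWNER, whoever that is.
 *   passwd: mode 4755, owner root (uid 0)  -> effective uid 0
 *   myzs:   mode 4755, owner = the caller  -> effective uid unchanged
 * Simplified model: real kernels add further conditions (e.g. nosuid mounts). */
uid_t euid_after_exec(mode_t mode, uid_t owner, uid_t caller)
{
    return (mode & S_ISUID) ? owner : caller;
}

/* Audit helper: 1 if path is a regular setuid file owned by uid 0,
 * 0 if it is not, -1 if it cannot be inspected. */
int setuid_root(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    if (!S_ISREG(st.st_mode))
        return 0;
    return (st.st_mode & S_ISUID) && st.st_uid == 0;
}

int main(int argc, char **argv)
{
    /* Real vs effective uid of this process itself. */
    printf("this process: real uid %ld, effective uid %ld\n",
           (long)getuid(), (long)geteuid());

    /* For each path given, report what the setuid bit would do. */
    for (int i = 1; i < argc; i++) {
        struct stat st;
        if (stat(argv[i], &st) != 0) {
            perror(argv[i]);
            continue;
        }
        printf("%s: mode %04o, owner uid %ld -> effective uid %ld%s\n",
               argv[i], (unsigned)(st.st_mode & 07777), (long)st.st_uid,
               (long)euid_after_exec(st.st_mode, st.st_uid, getuid()),
               setuid_root(argv[i]) == 1 ? " (setuid root)" : "");
    }
    return 0;
}
```

Run it with the paths to inspect as arguments, for example `/usr/bin/passwd` and `./myzs`.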
