{"id":741,"date":"2011-10-17T12:08:35","date_gmt":"2011-10-17T12:08:35","guid":{"rendered":"http:\/\/blog.designed79.co.uk\/?p=741"},"modified":"2011-10-17T12:15:43","modified_gmt":"2011-10-17T12:15:43","slug":"run-command-line-app-as-owner","status":"publish","type":"post","link":"https:\/\/blog.designed79.co.uk\/?p=741","title":{"rendered":"Run Command line app as owner"},"content":{"rendered":"<h3><a href=\"http:\/\/protocol-vit.blogspot.com\/2007\/12\/chmod-s.html\">chmod &#8220;+s&#8221;<\/a><\/h3>\n<div>\n<p>The purpose of this blog is just to break this looong Sannata mode. Many people may already be aware of this, but those who don&#8217;t know can read on.<\/p>\n<p>We all know the basic file access permissions on Linux. Access permissions can be set per file for\u00a0<strong>owner<\/strong>,\u00a0<strong>group<\/strong>\u00a0and\u00a0<strong>others\u00a0<\/strong>on the basis of read (<strong>r<\/strong>), write (<strong>w<\/strong>) and execute (<strong>x<\/strong>) permissions.<\/p>\n<p>Linux processes run under a user-ID. The effective user-ID is the one that determines access to files. Using the chmod command with the &#8216;s&#8217; bit, we can set the user or group ID on execution:<\/p>\n<p><em>&gt;chmod 4755 suidtest<br \/>\nor<br \/>\n&gt;chmod u+s suidtest<\/em><\/p>\n<p>This causes the file to be executed under the user-ID of the user that owns the file rather than the user that executes the file. The same applies to the group ID.<\/p>\n<p>As you can see, this is a very powerful feature, especially if root owns the file with the s-bit set. Any user can then do things that normally only root can do. A few words on security: when you write a SUID program, you must make sure that it can only be used for the purpose that you intended. Always set the path to a hard-coded value. Never rely on environment variables or functions that use environment variables. 
Never trust user input (config files, command-line arguments, &#8230;). Check user input byte for byte and compare it with values that you consider valid.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>chmod &#8220;+s&#8221; Purpose of this blog is to just break this loooog Sannata mode. Many people might be aware of this, but [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[8,7,20],"class_list":["post-741","post","type-post","status-publish","format-standard","hentry","category-info-on-tech","tag-10-7","tag-osx","tag-ubuntu"],"_links":{"self":[{"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/741","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=741"}],"version-history":[{"count":0,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/741\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=741"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=741"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=741"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}