Set-user-ID bit (SUID)

I have been reading several sites and books and still cannot find a text which really explains what’s so good about SUID.

Suse 6.4 manual:
A program with this set automatically has the permissions of the user to whom it belongs. If this program belongs to the super user, then the other person that started this prog then it will get the rights of the superuser on that running system.

  1. Will this not give that other person Root permissions then on the whole system? And this aint a problem??? How come??

  2. What is the difference with giving the user Execute persimission? → X then he can execute it also not?

Thanks for answering.

I will try to explain this.

  1. It **could **give the normal user all powers of root on the whole system when the creator of the program is not very carefull. When the program is only able to do the task where it is made SUID for, there is no problem. When that task is finished, the program finishes and the user is again the user. But when the program can be manipulated, all sorts of abuse is possible. Think of a program that is made writable by the world. The user could then overwrite that program with another program of his choice by a simple cp statement and … Also such a program being a shell script makes it vulnarable to changes, thus normaly scripts can not be made SUID.

  2. When the user has x-permission he can exucute the program, but he is not root and can then not write files that have only w-permission for root. And this brings us to the point where your real problem is: what is this good for?

Think of a configuraion file where editing around by any user is not a good idea. But nevertheless the user must be able to change things there in a controled mannner. Then a program (that is writen to do things in a controled manner) that is owned by a user (could be root) and that is SUID can be called by the user and the file is changed in a neat manner.

An example is

-rwsr-xr-x 1 root root 132520 Jan 27  2009 /usr/sbin/sudo

It is clear that sudo must be able to do things like checking the file

-r--r----- 1 root root 1569 Dec 14 16:37 /etc/sudoers

which, as you can see, can not even be read by the normal user.

This means that extra care must be taken for the integrity of the program sudo.
BTW the same holds true for the programs root allows to be executed by normal users using sudo. In fact the mechanism is the same. And imagine what would be possible when such a program would have a shell escape as part of its features!