
#1 2017-05-24 08:01:48

asdfiex
Member
From: Eastern Europe
Registered: 2015-12-15
Posts: 71

[SOLVED] I can't modify an executable by using SUID

Parent directory permissions: drwxr-xr-x  2 florea florea  4096 May 24 09:58 Desktop
Executable file permissions: -rws---r-x 1 florea florea 37 May 24 09:58 /home/florea/Desktop/main.py

/etc/group
wheel:x:10:root,florea,stefan
florea:x:1000:
stefan:x:1001:

I move to another tty and try to modify the main.py file as the user called stefan, but I get "E212: Can't open file for writing".
":w !chmod 777 %" returns "Operation not permitted!".
Any ideas?

Last edited by asdfiex (2017-06-13 08:54:54)


#2 2017-05-24 08:54:21

tom.ty89
Member
Registered: 2012-11-15
Posts: 897

Re: [SOLVED] I can't modify an executable by using SUID

asdfiex wrote:

Executable file permissions: -rws---r-x 1 florea florea 37 May 24 09:58 /home/florea/Desktop/main.py

The file is only writable by florea but not users in group florea or others, and stefan is not even in the florea group.

P.S. wheel group is not really THAT special...

EDIT:

chmod(1) wrote:

...The letters rwxXst select file mode bits for the affected users:...set user or group ID on execution (s)...

Last edited by tom.ty89 (2017-05-24 08:58:32)


#3 2017-05-24 09:11:41

ayekat
Member
Registered: 2011-01-17
Posts: 1,589

Re: [SOLVED] I can't modify an executable by using SUID

As tom.ty89 already pointed out, the wheel group is nothing special—it's merely used by sudo on some machines. But it has nothing to do with file permissions.

More importantly, though, please note that SUID/GUID bits do not work on script files, but only on executable ELF binaries. This is because it's not the script itself that is being executed, but the interpreter (in this case python).

Last edited by ayekat (2017-05-24 09:12:09)



#4 2017-05-24 19:06:56

seth
Member
Registered: 2012-09-03
Posts: 51,029

Re: [SOLVED] I can't modify an executable by using SUID

To add the obvious: DO NOT SUID ANY SCRIPT INTERPRETER!!! :)
You likely want to edit the sudoers or add a policykit rule for the script or similar.


#5 2017-06-12 12:58:43

asdfiex
Member
From: Eastern Europe
Registered: 2015-12-15
Posts: 71

Re: [SOLVED] I can't modify an executable by using SUID

"The file is only writable by florea but not users in group florea or others, and stefan is not even in the florea group.

P.S. wheel group is not really THAT special..."

From Wikipedia page:
"When an executable file has been given the setuid attribute, normal users on the system who have permission to execute this file gain the privileges of the user who owns the file (commonly root) within the created process."

stefan (who is a normal user) gains the permission of the user who owns the file (who's actually florea, a normal user too).
Why doesn't stefan have "rwx" privileges? Logged in as stefan, I'm trying to modify, just as a test, a hello world program compiled into a main.o file, but I get a "permission denied" error...

Parent directory permissions: drwxr-xr-x  2 florea florea  4096 May 24 09:58 Desktop
Executable file permissions: -rws-----x 1 florea florea 37 May 24 09:58 /home/florea/Desktop/main.o

P.S: Sorry for not answering faster, a lot of daily stupendous chores...

Last edited by asdfiex (2017-06-12 13:12:10)


#6 2017-06-12 13:25:03

seth
Member
Registered: 2012-09-03
Posts: 51,029

Re: [SOLVED] I can't modify an executable by using SUID

Wrt your OP I think you've some sort of fundamental misconception of the SUID bit - could you please list the exact commands you approached (and their output) to reach the "permission denied" error?

Attempting to shortcut this: the suid bit is irrelevant on the file you want to write. It is relevant on the binary you execute to perform this write (apparently vim, and good god: do NOT suid vim!)


#7 2017-06-12 13:44:21

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,523

Re: [SOLVED] I can't modify an executable by using SUID

asdfiex wrote:

From Wikipedia page:
"When an executable file has been given the setuid attribute, normal users on the system who have permission to execute this file gain the privileges of the user who owns the file (commonly root) within the created process."

You're missing the most important part of that: "within the created process".  First note the above comments on the suid bit and scripts, but even putting that aside, if this python script were itself an ELF executable, what you are trying to do would not work.  When you execute an suid binary, that running process (and only that process) has the permissions of the owner.  So if you were to run that executable as stefan it (the binary itself) would be able to modify files belonging to florea.  This does not mean other processes (e.g. the shell running under the florea user) can modify the attributes of the binary.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman


#8 2017-06-13 08:54:14

asdfiex
Member
From: Eastern Europe
Registered: 2015-12-15
Posts: 71

Re: [SOLVED] I can't modify an executable by using SUID

It's clear now. I just wanted to see and understand how things work practically over there...
I was expecting that user stefan could open the main.o executable file and edit those nasty characters inside the file.
But no, main.o inherits the permissions of the owner, so actually this executable can read, write or execute anywhere the owner can do it.

Thank you a lot for your answers!
