SEEDlabs: Set‐UID Program Vulnerability Lab - Nifalnasar/Fundamentals-of-Network GitHub Wiki

Set-UID is an important security mechanism in Unix operating systems. When a Set-UID program is run, it assumes the owner's privileges. For example, if the program's owner is root, then when anyone runs this program, the program gains root's privileges during its execution. Set-UID allows us to do many interesting things, but unfortunately, it is also the culprit of many bad things. Therefore, the objective of this lab is two-fold: (1) Appreciate its good side: understand why Set-UID is needed and how it is implemented. (2) Be aware of its bad side: understand its potential security problems.

Lab Tasks

This is an exploration lab. Your main task is to "play" with the Set-UID mechanism in Linux, and write a lab report to describe your discoveries. You are required to accomplish the following tasks in Linux:

1. Figure out why "passwd", "chsh", "su", and "sudo" commands need to be Set-UID programs. What will happen if they are not? If you are not familiar with these programs, you should first learn what they can do by reading their manuals. Please copy these commands to your own directory; the copies will not be Set-UID programs. Run the copied programs, and observe what happens.


We find that when passwd was copied to /tmp/, it lost root's privileges. The same is true of chsh, su and sudo.
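The check behind this observation, as an added example that is not part of the original lab page: it reports whether each of the four commands is set-UID root and repeats the copy experiment on a constructed scratch file. The function names are hypothetical, and GNU coreutils (`stat -c`) is assumed.

```shell
#!/bin/sh
# Added example, not from the lab page. Assumes GNU coreutils (stat -c).

# Print "mode owner" for a file, e.g. "4755 root".
mode_owner() { stat -c '%a %U' "$1"; }

# Succeed only if the file has the set-UID bit AND is owned by UID 0.
# Both are required for the program to run with root's privileges.
is_setuid_root() {
    [ -u "$1" ] && [ "$(stat -c '%u' "$1")" -eq 0 ]
}

# Report on the four commands the lab names, where they are installed.
audit_lab_commands() {
    for name in passwd chsh su sudo; do
        path=$(command -v "$name") || { echo "$name: not installed"; continue; }
        if is_setuid_root "$path"; then
            state="set-UID root"
        else
            state="NOT set-UID root"
        fi
        echo "$name: $path ($(mode_owner "$path")) $state"
    done
}

# Repeat the copy experiment on a constructed file instead of a system
# binary: mark a scratch file 4755, copy it with plain cp, and print the
# mode of the original followed by the mode of the copy.
copy_drops_setuid() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho demo\n' > "$dir/orig"
    chmod 4755 "$dir/orig"
    # Plain cp (no -p) creates a new file owned by the caller and does
    # not carry the set-UID bit over to it.
    cp "$dir/orig" "$dir/copy"
    echo "$(stat -c '%a' "$dir/orig") $(stat -c '%a' "$dir/copy")"
    rm -rf "$dir"
}

audit_lab_commands
copy_drops_setuid
```

With a umask of 022 the last line printed is `4755 755`: the copy keeps the ordinary permission bits but not the set-UID bit, and it belongs to whoever ran `cp`.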

2. Run Set-UID shell programs in Linux and describe and explain your observations. (a) Log in as root, copy /bin/zsh to /tmp, and make it a set-root-uid program with permission 4755. Then log in as a normal user and run /tmp/zsh. Will you get root privilege? Please describe your observation.