| |
|
|||
| FIND THE SUID FILES ON YOUR SYSTEM Files on
a Linux system have a set of associated permissions, which tells programs
what user or group has access to what file. Permissions include read,
write, and execute for three different groups: user, group, and Ownership
of files is assigned in the form of user and group. For example, user
"joe" and group "admin" may own a particular file, but permissions
allow the user to read, write, and execute, and permissions also allow Many files on a Linux system have another associated flag, which is called the set user id (suid) bit. This flag, primarily used on executables, changes the behavior of the file. Any user with permission to execute the file will execute it as the owner. A number of programs are installed this way to circumvent certain access restrictions. For example, the /bin/su program is used to change one user to another, but this requires root access to accomplish the task. A normal user can't do this on his or her own, so /bin/su is suid root, which means any user who executes /bin/su does so with the root privilege. However,
you might not want a normal user to be able to use su, or you could
be concerned about future vulnerabilities in su and other programs
that are suid. To locate the suid files that exist on your system,
use the $ find / -perms +6000 -type f -exec ls -ld {} \; This finds all suid files and executes ls -ld on them, so you can see all the file details. If you wish to turn off the suid bit from a particular file, use the following command: $ chmod u-s /bin/su In this case, it turns the suid bit off the /bin/su file. |
||||