49.8. Care and Feeding of SUID and SGID Scripts

Scripts may need to run within a root environment but be executed by system users other than root. To allow a nonroot user or group of users executable access of the script, its SUID or SGID bit can be set.

As handy as SUID and SGID scripts are, they are also dangerous. For instance, SUID scripts are considered so dangerous that the Linux kernel won't even honor them. This is because environmental variables are easily manipulated within scripts, particularly C shell scripts, as discussed in Section 50.9. And since the scripts can be run by anybody, and run as root, they represent extreme points of vulnerability.

To see where you have SUID and SGID scripts, use the following command (pulled from the Linux Security HOWTO document at http://www.cpmc.columbia.edu/misc/docs/linux/security-howto.html):

find / -type f \( -perm -04000 -o -perm -02000 \)

To do a thorough scan, you need to have root permissions.

You'll be surprised at the number of applications returned from the search. Among those in my FreeBSD system were:

/usr/virtual/share/usr/sbin/pstat
/usr/virtual/share/usr/sbin/swapinfo
/usr/virtual/share/usr/sbin/sliplogin
/usr/virtual/share/usr/sbin/timedc
/usr/virtual/share/usr/sbin/traceroute

However, a quick check shows that the files -- sharable across different FreeBSD installations -- are all SGID: not as dangerous as SUID files long as the group is restricted.

-- SP

49.7. Add Users to a Group to Deny Permissions		49.9. Substitute Identity with su

Copyright © 2003 O'Reilly & Associates. All rights reserved.