SUID and SGID

SUID

What is SUID?
 
SUID stands for set user id. When a SUID file is executed, the process that runs it is granted access to system resources based on the user who owns the file, not the user who created the process. When a file is SUID root, it allows a program or script to perform functions that regular users are not allowed to perform themselves. Many buffer overflow exploits are the result of SUID programs.
File permissions for SUID enabled files: -rwsr-xr-x

Examples of SUID root programs:
logging in
changing passwords
low level networking routines
control of graphical display functions
su

Thomas Akin's Seven Rules for Safe SUID Programming
Do not use SUID shell scripts.
Never use SUID C-shell scripts.
Always manually set your internal field separator (IFS).
Always manually set your PATH and use absolute path names.
Understand how programs you call work, and how they handle arguments.
Do not use temporary files. If you must, don't put them in a publicly writeable area.
Distrust and check all user input and eliminate dangers such as meta-characters.
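
Several of these rules in one place, as an added example that is not from Thomas Akin or the original page: a small C launcher that a SUID binary could use to run a helper. It applies rules 3, 4, 5 and 7; the helper path /usr/bin/id, the function names and the 32-character limit are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumed helper for illustration. Rule 4: absolute path, never PATH-resolved. */
#define HELPER "/usr/bin/id"

/* Rules 3 and 4: a fixed environment replaces whatever the caller supplied. */
static char *const clean_env[] = {
    "PATH=/usr/bin:/bin",
    "IFS= \t\n",
    NULL
};

/* Rule 7: allowlist instead of denylist. Accept 1..32 chars of [A-Za-z0-9_-].
 * Rule 5: reject a leading '-' so the helper cannot read the value as an option. */
int is_safe_name(const char *s)
{
    static const char ok[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-";
    size_t n;

    if (s == NULL || s[0] == '\0' || s[0] == '-')
        return 0;
    n = strlen(s);
    if (n > 32)
        return 0;
    return strspn(s, ok) == n;   /* every character must be in the allowlist */
}

/* Validate first, then exec the helper directly: no shell, system() or popen(). */
int run_helper(const char *user_arg)
{
    if (!is_safe_name(user_arg))
        return -1;               /* rejected before anything privileged happens */
    char *const argv[] = { "id", "--", (char *)user_arg, NULL };
    execve(HELPER, argv, clean_env);
    return -2;                   /* execve only returns on failure */
}

int main(int argc, char **argv)
{
    if (argc != 2 || run_helper(argv[1]) != 0) {
        fprintf(stderr, "usage: %s name\n", argc ? argv[0] : "launcher");
        return 1;
    }
    return 0;
}
```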

SGID

What is SGID?
SGID stands for set group id. SGID files behave much the same as SUID files, and a file must be executable for the bit to have any effect. The SGID bit on a directory means files created in that directory will have their group set to the directory's group.
File permissions for SGID enabled files: -r-xr-sr-x
File permissions for SGID enabled directories: dr-xr-sr-x

Examples of SGID root programs:
write - write to another user (tty group)
slocate - Linux program to find programs (slocate group)

NOTE: It is better to make a program SGID than SUID, since fewer rights are granted by group membership as opposed to user.

LOCATING SUID and SGID PROGRAMS

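Use find to obtain a list of set-UID and set-GID programs installed on a system:

# Walk each ufs filesystem listed in /etc/vfstab (field 3 is the mount point)
for part in \
    `awk '($4 == "ufs") {print $3 }' /etc/vfstab`
do
    # -perm -04000 matches set-UID, -perm -02000 matches set-GID; -xdev stays on one filesystem
    find "$part" \( -perm -04000 -o -perm -02000 \) \
        -type f -xdev -print
done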
 