File permissions are a basic concept in Linux systems to manage permissions to write, read and execute files.
In this article I would like to limit myself to a less common file right - the SUID-bit.
By setting the SetUserID bit a file is always executed with the rights of the file owner.
An example of a meaningful use of this file right is the program passwd, which changes passwords of users and groups. In order for a user to change his own password, the SUID right must be set. Thus, the program is executed as root.
The SUID bit is displayed as follows:
The SUID bit is indicated by a s or S at the position of the file permission to execute a file (x).
A small s means that an execution is also possible in addition to the SUID bit. However, this is not possible with a large S.
The SUID bit should be used very carefully and only when really necessary. Because the privileged execution of a file creates a potential security risk. If a file is manipulated accordingly, rights can be extended ( privilege escalation).
The program find with the original rights:
find offers the possibility to execute commands using -exec :
Now the SUID bit is set: chmod +s /usr/bin/find
Then we execute the same command as before:
So it is now possible to execute arbitrary code as root. If unauthorized access to a system has taken place, a "backdoor" can be set up with which it is possible to obtain administrative rights from any user.
Files with SUID rights can be found, for example, using:
find / -user root -perm -4000 -print 2>/dev/null
Thank you for reading !
