
Re: setuid question



On Friday 22 January 2021 19:19:12 The Wanderer wrote:

> On 2021-01-22 at 19:09, Gene Heskett wrote:
> > On Friday 22 January 2021 18:35:27 David Christensen wrote:
> >>  chmod u+s /usr/local/libexec/amanda/ambind
> >
> > root@coyote:amanda-3.5.1$ chmod u+s /usr/local/libexec/amanda/ambind
> > root@coyote:amanda-3.5.1$ su amanda -c "/usr/local/sbin/amcheck Daily"
> > Amanda Tape Server Host Check
> > -----------------------------
> > ERROR: program /usr/local/libexec/amanda/ambind: not setuid-root
>
> What does
>
> $ ls -lh /usr/local/libexec/amanda/ambind
>
> say?
-rwxr-x--x 1 amanda backup 27K Jan 22 18:46 /usr/local/libexec/amanda/ambind

> All 'chmod u+s' does is set the suid bit. What having that bit does
> (as I understand matters) is cause the program to run with the
> permissions of the user who owns the file.
>
> If that file is owned by some user other than root, then the suid bit
> will just cause it to be run as that other user, which may well not be
> enough.
>
> You may also want to check
>
> $ file /usr/local/libexec/amanda/ambind

/usr/local/libexec/amanda/ambind: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, 
interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=32a4e4b5ad333ece10f31f4ad77224c321656b11, 
not stripped
>
> to confirm whether this program is a script; I've seen cases where
> having a script with the suid bit set isn't enough, because it invokes
> another binary which isn't and the permissions don't wind up getting
> passed along. (Whether that happens typically with scripts I don't
> know.)

Thanks Wanderer

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
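
Added example, not part of the messages above: a small shell check for the two conditions behind the "not setuid-root" error discussed in the thread, namely the setuid bit being set and the file being owned by uid 0. The function names are hypothetical, the uid 1001 is a constructed stand-in for the amanda account, and `check_file` assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: report why a file does or does not count as "setuid-root",
# i.e. setuid bit set AND owned by uid 0.

# classify_setuid_root MODE OWNER_UID
#   MODE      : octal permission bits as printed by `stat -c %a` (751, 4751)
#   OWNER_UID : numeric owner id as printed by `stat -c %u`
classify_setuid_root() {
    mode=$1
    owner_uid=$2
    # The leading 0 makes the shell read the value as octal; 04000 is S_ISUID.
    if [ $(( 0$mode & 04000 )) -ne 0 ]; then suid=1; else suid=0; fi
    if [ "$owner_uid" -eq 0 ]; then root=1; else root=0; fi
    case "$suid$root" in
        11) echo "setuid-root" ;;
        10) echo "setuid-but-not-root-owned" ;;
        01) echo "root-owned-but-no-setuid-bit" ;;
        00) echo "not-root-owned-and-no-setuid-bit" ;;
    esac
}

# check_file PATH: classify a real file (assumes GNU stat, as on Debian).
check_file() {
    out=$(stat -c '%a %u' -- "$1") || return 2
    set -- $out
    classify_setuid_root "$1" "$2"
}

# Mode and owner as shown by the `ls -lh` line in the thread:
# -rwxr-x--x, owner amanda (1001 is a constructed uid for that account).
classify_setuid_root 751 1001
# Same owner with the setuid bit set: runs as amanda, not as root.
classify_setuid_root 4751 1001
# Owned by root with the bit set: what a setuid-root check expects.
classify_setuid_root 4751 0

# Note: on Linux, chown clears the setuid bit on an executable file, so the
# owner has to be changed first and `chmod u+s` applied afterwards.
```

To inspect an installed helper, call `check_file` with its path.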

