Help with suid (bash)

To: debian-user@lists.debian.org
Subject: Help with suid (bash)
From: rhkramer@gmail.com
Date: Tue, 10 May 2022 07:50:18 -0400
Message-id: <[🔎] 202205100750.18645.rhkramer@gmail.com>

Aside: even though this is not a Debian specific question, I often use debian-
user as my first resource in asking Linux questions.

Background: 8 years ago I wrote a set of scripts to help me mount and unmount 
LUKS encrypted partitions as needed and as myself (<myuserid>) rather than as 
root. 

Aside: This was (and still is) under Debian Wheezy -- I know I should upgrade.  
I do have installations of Jessie and Buster on other computers and am getting 
ready to install Bullseye on another machine which might replace the Wheezy 
machine (if I can run TDE under Bullseye).  Getting these scripts working as 
intended (that is, using suid) is part of my effort to do that.

Problem: I tried to use suid to allow the scripts to be run by me, but with 
the permissions of root  but I could not get that to work.  

Aside: I do run those scripts with the aid of a (compiled) c helper program 
that switches to root and then runs the appropriate script (setuid( 0 ) and 
then system( "<bash_script_filename>" ). 

The script to mount a partition looks like this (comments deleted, and some 
things shown "generically" for privacy / security):

#!/bin/bash 
/sbin/cryptsetup luksOpen /dev/sd<ann> <luks_device_name> && /bin/mount 
/dev/mapper/<luks_device_name> <mount_point>

The ownership and permissions that I tried to use (I tried some variations, 
and I have different permissions at the moment) were:

-rwsr-xr-x 1 root <groupid_that_includes_my_userid> 1412 Aug 31  2014 
<bash_script_filename>

(I should remove the read and execute permission from all, but that is what I 
had at that time.)

Why can't I run that successfully as myself (<my_userid>), and what could I do 
to make it run?

When I invoke the script with those permissions, including suid, I get a 
response like:

$ <bash_script_filename>
WARNING!!! Possibly insecure memory. Are you root?
Cannot open device /dev/sd<ann> for read-only access.
$

To clarify: when I run these scripts with the aid of the c helper program, the 
scripts work as intended and I get no error messages.

Thanks for any input!

Reply to:

Follow-Ups:
- Re: Help with suid (bash)
  - From: Greg Wooledge <greg@wooledge.org>
- Re: Help with suid (bash)
  - From: <tomas@tuxteam.de>
- Re: Help with suid (bash)
  - From: Charles Curley <charlescurley@charlescurley.com>

Prev by Date: Re: Copying one drive to a smaller one.
Next by Date: Re: Help with suid (bash)
Previous by thread: Re: booting from install usb
Next by thread: Re: Help with suid (bash)
Index(es):
- Date
- Thread