Supersuer bit? Also known as the RIAA bit?

On 0, Raffaele Sandrini <[EMAIL PROTECTED]> wrote:
> Hi
>
> On normal homedirs the owner of the files is the owner of the homedir. That
> means he/she can alter the file permissions in the files he/she owns (with
> chmod)
>
> I tested the following: As a normal user I created a file in my homedir.
> % touch test
>
> I changed it to an exec file.
> % chmod 700 test
>
> Now I set the superuser bit
> % chmod +s test

No, you didn't.

> It worked(!!!!!). That means that a user can download for example a BASH
> binary and set the superuser bit for it and has root privileges ??!!
>
> Am I missing something here?

Yes. That is the setuid bit, not the superuser bit. When an executable with
this bit set is executed, it executes with the uid of the OWNER, not the
superuser. To make this setuid root you have to:

  # touch test
  # chmod 700 test
  # chown root test
  # chmod +s test

If you can do THAT then there is something wrong.

Tom
--
Tom Cook
Information Technology Services, The University of Adelaide

"Intellectual freedom is not the freedom to believe anything, but the
freedom to believe only the truth." - Dr. John Stott

Get my GPG public key:
https://pinky.its.adelaide.edu.au/~tkcook/tom.cook-at-adelaide.edu.au
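
The distinction drawn in the reply above, as an added example that is not part of the original thread: a small audit script that reports, for each setuid file, the uid it would actually run as, so that a user-owned `chmod +s` file is not mistaken for a setuid-root one. The function names `classify_setuid` and `audit_setuid` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread): report which uid a setuid
# file would actually run as. Function names are hypothetical.

# classify_setuid FILE
# Prints one of:
#   none               setuid bit not set (or not a regular file)
#   setuid-user <uid>  setuid bit set, owned by a non-root uid
#   setuid-root 0      setuid bit set AND owned by uid 0
classify_setuid() {
    f=$1
    # -perm -4000 matches only if the setuid bit (octal 04000) is set.
    if [ -z "$(find "$f" -prune -type f -perm -4000 -print 2>/dev/null)" ]; then
        echo "none"
        return 0
    fi
    # ls -n prints the numeric owner uid in field 3.
    owner=$(ls -ldn -- "$f" | awk '{print $3}')
    if [ "$owner" -eq 0 ]; then
        echo "setuid-root 0"
    else
        echo "setuid-user $owner"
    fi
}

# audit_setuid DIR
# Lists every setuid regular file under DIR as "<class> <uid> <path>".
audit_setuid() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null |
    while IFS= read -r path; do
        echo "$(classify_setuid "$path") $path"
    done
}

# Stand-alone use: sh audit.sh /home
if [ $# -gt 0 ]; then
    audit_setuid "$1"
fi
```

Run against a home directory, the file from the quoted test shows up as `setuid-user` with the creating user's own uid; only a `setuid-root 0` line in a user-writable location indicates the situation the reply calls "something wrong".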