- 论坛徽章:
- 0
|
* SUID
o What is SUID?
SUID stands for set user id. When a SUID file executed, the process which runs it is granted access to system resources based on the user who owns the file and not the user who created the process. When a file is SUID root it allows a program/script to perform functions that regular users are not allowed to do themselves. Many buffer overflow exploits are the result of SUID programs.
+ File permissions for SUID enabled files: -rwsr-xr-x
+ Examples of SUID root programs:
# logging in
# changing passwords
# low level networking routines
# control of graphical display functions
# su
+ Thomas Akin's Seven Rules for Safe SUID Programming
1. Do not use SUID shell scripts.
2. Never use SUID C-shell scripts.
3. Always manually set your internal field separator (IFS).
4. Always manually set your PATH and use absolute path names.
5. Understand how programs you call work, and how they handle arguments.
6. Do not use temporary files. If you must, don't put them in a publicly writeable area.
7. Distrust and check all user input and eliminate dangers such as meta-characters.
# SGID
* What is SGID?
SGID stands for set group id. When looking at files SGID they behave much the same as SUID files, and must be executable for it to have any effect. The SGID bit on a directory means files created in that directory will have their group set to the directory's group.
o File permissions for SGID enabled files: -r-xr-sr-x
o File permissions for SGID enabled directories: dr-xr-sr-x
o Examples of SGID root programs:
+ write - write to another user (tty group)
+ slocate - linux program to find programs (slocate group)
o NOTE: Better to make a program SGID than SUID since fewer rights are granted by group membership opposed to user. |
|
免费注册
发表于 2010-12-23 14:32
