Set SUID for lifting or lowering rights 04/05 Update SLTechnology News&Howtos

Set SUID for lifting or lowering rights

2025-04-05 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

I. basic introduction

Just watched Ma GE's video introduction SUID said that when setting SUID for the executable file and when it is converted into a process, the owner of the process is the owner of the original program file and operates as the owner of the original program file, and this special right can be used to raise or lower the right. The typical application of SUID is the passwd command, which allows ordinary users to read and write shadow files as root.

II. Promotion of rights

To raise rights using SUID, to be exact, you should create a backdoor. When you set SUID for cat, vim, nano or even nmap, you can have the permission of root. Example:

Use ordinary users to read shadow files

1.copy command to / tmp, used in experiments, set SUID

two。 Create a new normal user user1 and switch the user to view the effect

As you can see, the permission of the shadow file is 1000, but the average user user1 can read it using cat, which is SUID.

Testing other commands that do not have SUID set will prompt you that there are not enough permissions:

III. The right to fall

After introducing the promotion of rights and then talking about lowering rights, I said that this is because in this information security competition, I took the permission of a certain team's shell root to read flag, and unexpectedly suggested that the permission was not enough to be rejected. I was very confused after I came back because of the lack of time. I happened to see this SUID today to achieve this effect:

When the owner of the program (cat) is changed to an ordinary user, even if root reads the flag after setting SUID, it will be denied because it sets SUID to read the flag as an ordinary user and then indicates that the permission is not enough.

The implementation is as follows:

1. Modify the owner of cat and set SUID (just changed)

two。 View the results:

Note that when reading shadow as root, the error indicates that the permission is not enough, and root is not invincible after setting SUID.

They may have set this up at that time, or it could be some other operation that I don't understand. no, no, no.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.