Bug 50293 - chmod u+s sets suid bit, but this setting is ineffective
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: fileutils
Version: 7.0
Platform: i386 Linux
Priority: medium
Severity: medium
Assigned To: Bernhard Rosenkraenzer
Aaron Brown
Reported: 2001-07-29 20:08 EDT by Daryle Niedermayer
Modified: 2007-04-18 12:35 EDT
Doc Type: Bug Fix
Last Closed: 2001-07-30 01:29:56 EDT
Description Daryle Niedermayer 2001-07-29 20:08:38 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.74 [en] (Win98; U)

Description of problem:
After using the chmod command to set the suid bit on a script, the ls -la command shows the bit to be set. However, in executing the script, it is clear that the script is only executed under the actual user's permissions.

How reproducible:
Always

Steps to Reproduce:
1. Take a script that requires root permissions to perform some functions. Our example includes the following lines:
touch $config   ##$config points to a filename we are creating
chown apache $config
This script is contained in the /dev/hda6 filesystem mounted as /home and should be mounted with default mount parameters, including suid. Explicitly listing suid in the /etc/fstab file and remounting the filesystem did not affect the outcome of this problem.
2. Set the suid bit of this script, using the command:
chmod u+s scriptname
3. Use the ls -la command to view the script's permissions:
-rwsr-x---    1 root     helpdesk     2835 Jul 29 17:27 filename
4. As a non-root user who is a member of the file's group (in this example helpdesk), run this script:
./filename


Actual Results:
1. The shell issues the following error message:
chown: /home/httpd/helpdesk/etc/aaa.conf: Operation not permitted
2. Viewing the permissions on the newly created file (referenced by $config in this example) shows that the file belongs to the actual (real) user of the script.

Expected Results:
1. The script should have created the file with the touch command so that it was owned by root and not the real user of the script.
2. The script should have successfully changed the ownership of the file to the owner specified in the script (in this example apache) instead of failing, if the suid bit was effectively set as it appeared to be.

Additional info:

This use of chmod is documented in the man page for chmod.
Comment 1 Bill Nottingham 2001-07-30 00:23:25 EDT
Setuid shell scripts do not work. It's a feature of the kernel, and
it's done that way for security reasons.
Comment 2 Daryle Niedermayer 2001-07-30 01:29:51 EDT
Then the man page for chmod should be amended to reflect this "feature". As it currently exists, the installed man page contradicts the "features" of the 
kernel. The bug would now rest with improper or inaccurate documentation. The man page for chmod should either make no reference to the suid bit, 
identify it as disabled for the kernel(s) for which this is the case, or the chmod command itself should return an error message when an attempt is made 
to use it to set the suid bit on a file.

Alternatively, since the "feature" is implemented by default, documentation on how to disable this feature should be provided or referenced in the chmod 
man page.
Comment 3 Bernhard Rosenkraenzer 2001-07-30 02:00:27 EDT
The setuid bit *is* effective, just not on shell scripts, which is actually a 
bash feature and documented in the bash info page.

If you absolutely need to make a shell script setuid, write the following C 
program and make it setuid:

#include <unistd.h>

int main(int argc, char **argv) {
	setuid(0); seteuid(0); setgid(0); setegid(0);
	/* replace this process with the script; pass the wrapper's own argv through */
	execvp("/usr/local/bin/yourscript.sh", argv);
	return 1; /* only reached if execvp fails */
}

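An added example, not part of the bug report or of any comment in it: a POSIX shell audit that answers the question raised in the description and in comment 1, namely whether a setuid bit that ls -l shows as set will actually be honoured. It classifies a file as having no setuid bit, a setuid bit on a "#!" script (the kernel loads the interpreter named on that line and takes credentials from the interpreter binary, not from the script, so the script runs with the caller's real permissions, as the reporter observed), or a setuid bit on a non-script executable. The function names are the example's own, and the sample files in the usage comment are constructed for the demonstration; the script-versus-binary test is a "#!" magic check and does not inspect mount options such as nosuid.

```shell
#!/bin/sh
# Added example (not from the bug report): classify a file's setuid bit.
# setuid_diag FILE prints one of:
#   none    - setuid bit not set
#   script  - setuid set, but the file starts with "#!": the kernel applies
#             the bit to the interpreter binary, not to the script, so the
#             script runs with the caller's real uid (what the reporter saw)
#   binary  - setuid set on a non-script executable; the kernel honours it
setuid_diag() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "missing"
        return 1
    fi
    # [ -u ] tests the setuid mode bit, the same thing ls -l shows as "s"
    if [ ! -u "$f" ]; then
        echo "none"
        return 0
    fi
    # Read the first two bytes; "#!" marks an interpreter script
    magic=$(head -c 2 "$f" 2>/dev/null)
    if [ "$magic" = "#!" ]; then
        echo "script"
    else
        echo "binary"
    fi
}

# audit_setuid DIR lists every setuid file under DIR with its verdict,
# one "verdict path" pair per line. -perm -4000 matches the setuid bit.
audit_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null | while read -r f; do
        printf '%s %s\n' "$(setuid_diag "$f")" "$f"
    done
}

# Usage (constructed sample): run "sh setuid_audit.sh /usr/local/bin" to
# audit a directory. A line reading "script /usr/local/bin/filename" is a
# setuid bit that looks set in ls -l but is ineffective at run time.
if [ "$#" -gt 0 ]; then
    audit_setuid "$1"
fi
```

Running audit_setuid over a directory tree separates setuid bits that are merely set from those the kernel will act on; the "script" verdict is the misleading case from the report, since ls -l shows "s" while execution still happens as the real user.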