
Changing a Program’s Identity

If you’ve worked with Linux for some time, you’ve probably used a set-user ID (or setuid) program to temporarily gain permissions different from your normal access rights. Unlike typical programs that run with your permissions, a setuid program runs with the permissions of that program’s owner. For example, if you launch a program that’s setuid and owned by root, that program runs as though root had executed it, temporarily granting you the same (full) access privileges as the superuser.

sudo is one such setuid program, and many other useful examples can be found on a common Linux system. Every use of the passwd command invokes some setuid magic, because it makes changes to the /etc/shadow file, a file that’s otherwise off-limits to non-root users. Likewise, if the user flag is set in /etc/fstab, mount’s setuid status allows non-root users to mount filesystems. Another novel use of setuid is Apache HTTPD’s suexec utility, which executes CGI programs as those files’ owners instead of the actual httpd process owner.

This month, let’s look at how to change user ids in a running application, understand why setuid root is special, and see some of the pitfalls that leave setuid programs vulnerable to exploits. Setuid programs can be very effective — no matter their reputation — if written correctly.
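As an added illustration (not code from the article), the C sketch below models the rule described above, that a setuid file runs with its owner's uid, and shows one way a setuid program can give that identity up for good and confirm it cannot get it back. The function names `exec_euid`, `is_elevated` and `drop_privileges` are hypothetical, and the exec model is a simplification.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes setreuid() and setregid() in glibc */
#endif
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Effective uid a process gets when `caller` executes a file with this mode
 * and owner: the owner if the setuid bit is set on a regular file, else the
 * caller. Simplified model: ignores nosuid mounts and similar restrictions. */
uid_t exec_euid(mode_t mode, uid_t owner, uid_t caller)
{
    return (S_ISREG(mode) && (mode & S_ISUID)) ? owner : caller;
}

/* 1 if the process runs with an identity other than its invoker's. */
int is_elevated(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Permanently return to the invoker's identity. 0 on success, -1 on failure;
 * on -1 the caller should exit rather than continue with extra rights. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    if (!is_elevated())
        return 0;                          /* nothing to give up */
    /* Group first: once the uid is gone we may no longer change the gid. */
    if (setregid(rgid, rgid) != 0) return -1;
    if (setreuid(ruid, ruid) != 0) return -1;
    /* Verify the old identity is unreachable (root can always switch back). */
    if (ruid != 0) {
        if (old_egid != rgid && setegid(old_egid) == 0) return -1;
        if (old_euid != ruid && seteuid(old_euid) == 0) return -1;
    }
    return is_elevated() ? -1 : 0;
}

int main(void)
{
    printf("real uid %d, effective uid %d\n", (int)getuid(), (int)geteuid());
    if (drop_privileges() != 0) return 1;
    printf("after drop: effective uid %d\n", (int)geteuid());
    return 0;
}
```

Run from an ordinary shell, the two printed uids match and the drop is a no-op; installed setuid, the first line shows the owner's uid as the effective uid and the second shows the invoker's.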

What’s In a … Number?

A login name (like strike or jpeek) is really just an alias for a numeric user identifier, or uid. Every user on…
