Re: SUID Bit does not set effective user-id

2013-09-23 Thread Philip Guenther
On Mon, 23 Sep 2013, Mark Dittmer wrote:
 I know that OpenBSD has striven to limit the number of setuid binaries 
 in its suite of software for security reasons. However, I am not under 
 the impression that the SUID Bit no longer affects the effective user-id 
 when the binary is run -- this would mean that the bit does nothing, and 
 even the few setuid programs left in OpenBSD would not work correctly.

Is the binary located on a filesystem mounted with the nosuid flag?


Philip Guenther



Re: SUID Bit does not set effective user-id

2013-09-23 Thread Hendrickson, Kenneth
Make sure the filesystem you put your suid binary on wasn't mounted with nosuid 
or any other similar options.  Put your binary in /bin or /usr/bin or /sbin 
(etc.) and try again.

Ken Hendrickson

-Original Message-
From: owner-b...@openbsd.org [mailto:owner-b...@openbsd.org] On Behalf Of Mark 
Dittmer
Sent: Monday, September 23, 2013 2:17 PM
To: bugs@openbsd.org
Subject: SUID Bit does not set effective user-id

I know that OpenBSD has striven to limit the number of setuid binaries in
its suite of software for security reasons. However, I am not under the
impression that the SUID Bit no longer affects the effective user-id when
the binary is run -- this would mean that the bit does nothing, and even
the few setuid programs left in OpenBSD would not work correctly.

I encountered this bug using a fresh install of OpenBSD 5.3 as a guest OS
on Parallels for Mac:

$ uname -a
OpenBSD openbsd.localdomain 5.3 GENERIC#53 amd64

To my surprise, a binary file owned by root with its SUID bit set runs with
UIDs as if the SUID was not set. That is, when UID 1000 runs such a
program, the program starts in state:

 real_uid, effective_uid, saved_uid = 1000, 1000, 1000

and not in state:

 real_uid, effective_uid, saved_uid = 1000, 0, 0

as expected.

Here are the details regarding how I found the issue:

I have written an interactive C program for evaluating setuid behaviour in
different Unix systems. The program is compiled using:

gcc -o setuid_min.bin setuid_min.c

The program lives in a subdirectory of UID 1000's home directory, and the
sudo command is used to change ownership and SUID; then the program is run
and I enter uid to report the real, effective, and saved UIDs of the
process:

$ sudo chown root:staff setuid_min.bin
$ ls -l | grep 'setuid_min\.bin$'
-rwxr-xr-x  1 root   staff [...] setuid_min.bin
$ sudo chmod a+s setuid_min.bin
$ ls -l | grep 'setuid_min\.bin$'
-rwsr-sr-x  1 root   staff [...] setuid_min.bin
$ ./setuid_min.bin
uid
 1000 1000 1000 some_pid
exit
$

Note that some_pid above is the pid of the setuid_min.bin process. The
program reports the real UID, effective UID, and saved UID by reporting the
output of the following shell command:

ps -ao ruid,uid,svuid,pid | grep '[ ]my_pid$'

where my_pid is the pid is reported by getpid().

As far as I understand, the program should be reporting 1000  0  0
 some_pid, and not 1000  1000  1000  some_pid.

Sincerely,
Mark Dittmer

[demime 1.01d removed an attachment of type text/x-csrc which had a name of 
setuid_min.c]



Re: SUID Bit does not set effective user-id

2013-09-23 Thread Mark Dittmer
The problem appears to have been nosuid set on the file location. Copying
the file to /usr/bin at first appeared to fail to solve the problem, but
once I re-set the SUID bit on the newly copied file the expected behaviour
appeared.

Thanks!

//Mark


On Mon, Sep 23, 2013 at 2:52 PM, Philip Guenther guent...@sendmail.comwrote:

 On Mon, 23 Sep 2013, Mark Dittmer wrote:
  I know that OpenBSD has striven to limit the number of setuid binaries
  in its suite of software for security reasons. However, I am not under
  the impression that the SUID Bit no longer affects the effective user-id
  when the binary is run -- this would mean that the bit does nothing, and
  even the few setuid programs left in OpenBSD would not work correctly.

 Is the binary located on a filesystem mounted with the nosuid flag?


 Philip Guenther