2

I was wondering if it was possible to somehow get the contents of a file which you do not have read access to. I first attempted trying to get around the permissions using the inode number of the file, but I was unsuccessful. My teacher made a file which he said he locked up well, but that there were a few ways of getting to its contents. Getting into the file has nothing to do with our assignment, but I was curious as to how this could be done if it could be done. I did a bit of research, and the only post I found relating to this was to grab the inode number of the file, but after doing that, there was not too much more information regarding it. Any savvy bash/Linux users have a solution to do this?

Thanks!

TEEBQNE
  • 1
    You can't even execute a file you don't have read permissions on, even if you have execute permissions, [unless the person who set it up tried really hard](https://unix.stackexchange.com/questions/16623/file-permission-execute-only) – jeremysprofile Nov 02 '18 at 20:25
  • @jeremysprofile The 'file' command specifies that the file is setuid executable, regular file, no read permission. The permissions are as follows: -rws--x--- – TEEBQNE Nov 02 '18 at 20:38
  • 1
    @jeremysprofile, of course you can execute a file without read permission, provided it's a binary executable, not a script. Try something like `cp /bin/ls ./ls; chmod 111 ./ls; ./ls -l ./ls` – ilkkachu Nov 02 '18 at 20:59
  • @ilkkachu, you're right, I should have specified. I didn't make that distinction as reading a binary executable is generally not valuable. – jeremysprofile Nov 02 '18 at 21:52
  • @jeremysprofile, reading binaries should be very useful for debugging, or disassembling the program. Having setuid binaries unreadable could be seen as a minor security advantage. – ilkkachu Nov 03 '18 at 10:21
  • We already have a number of Q&As covering this area, including https://unix.stackexchange.com/questions/364/ , https://unix.stackexchange.com/questions/74527/ , and https://unix.stackexchange.com/questions/150972/ just for starters. – JdeBP Nov 03 '18 at 11:09
  • @JdeBP they were lousy 2 years ago, and they're still lousy now. –  Oct 13 '20 at 05:41
  • 1
    See [How to copy a file I have permission to execute, but not permission to copy?](https://unix.stackexchange.com/a/711936) for some approaches. – Stéphane Chazelas Mar 24 '23 at 12:41

1 Answer

1

NO. Unlike executable binary output, the binary loader is a special beast with privs to read files and set them into execution. Thus for binary files EXECUTABLE access is sufficient to get the program read and executed.

However, a shell is only an interpreter and does not have such special abilities, and as a typical program without any special abilities, must read a file. Thus READ access is required for a file to be "input" to a shell command processor.

mdpc
  • When I run ls -l the permissions come back as: -rws--x---. – TEEBQNE Nov 02 '18 at 20:47
  • @user3657449 It is possible to execute a file to which you don't have read permissions provided that it's not a script or otherwise interactive. That file has `setuid` which means that it will run with the permissions of the owner. – Nasir Riley Nov 02 '18 at 21:21
  • @NasirRiley Is there a way to piggyback on this permission to output all commands run in the script to the standard output? – TEEBQNE Nov 02 '18 at 21:38
  • @user3657449 If it's a binary then you can use `strace` to see the system calls. If it's a script then it won't be possible because it won't run due to your inability to read the file. – Nasir Riley Nov 02 '18 at 21:41
  • @user357449 - if it is a script, all you would have to do is `cat scriptname` since all shell scripts have to have READ access. – mdpc Nov 02 '18 at 21:41
  • @mdpc If I try anything like cat, less, head, tail, etc. I get permission denied. – TEEBQNE Nov 02 '18 at 21:52
  • @NasirRiley Is there any way to use strace to print out the exact lines used in the file? Or just the system calls it reports? – TEEBQNE Nov 02 '18 at 22:22
  • @user3657449 It is just the system calls. Like I said, you can't read the lines within because you don't have read access to it. – Nasir Riley Nov 02 '18 at 23:04
  • @mdpc The script only has to have read access for the user who is executing it. If someone without read access tries to use `cat`, `less`, or any other command that is used to read the file, then they'll get `permission denied`. – Nasir Riley Nov 02 '18 at 23:05
  • No, the binary loader / dynamic linker / ELF interpreter (`ld.so`) doesn't have any extra privileges. It's not a setuid, setgid or setcap executable; the ELF interpreter is able to "read" a non-readable binary executable because the kernel loads the binary in the virtual memory of the process *before* loading and running the interpreter. The interpreter doesn't open the file via the file system and doesn't need to bypass any permission. –  Oct 13 '20 at 05:42
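
The execute-only behaviour discussed in this thread can be checked directly. The script below is an added example, not code from any of the posts: it reuses the `/bin/ls` copy from the comment above next to a constructed one-line script, and the function names `probe` and `exec_only_report` are its own. It assumes an unprivileged user and a temporary directory that is not mounted `noexec`; root bypasses the read-permission check.

```shell
#!/bin/sh
# Added demo (constructed): compare an execute-only ELF binary with an
# execute-only script. Run it as an unprivileged user; root normally
# bypasses the read-permission check, so its probes succeed.

# probe CMD...: print "ok" if the command succeeds, "denied" otherwise.
probe() {
    if "$@" >/dev/null 2>&1; then echo ok; else echo denied; fi
}

# exec_only_report: print one line per file,
# for example "binary read=denied exec=ok".
exec_only_report() {
    dir=$(mktemp -d) || return 1

    # Same binary as in the comment above; the copy keeps the name "ls".
    cp /bin/ls "$dir/ls"
    # Constructed one-line script standing in for any interpreted file.
    printf '#!/bin/sh\nexit 0\n' > "$dir/script"
    chmod 111 "$dir/ls" "$dir/script"    # --x--x--x: execute only

    # The kernel maps the ELF file itself, so no read permission is needed.
    echo "binary read=$(probe cat "$dir/ls") exec=$(probe "$dir/ls" "$dir")"
    # The kernel starts /bin/sh, which must then open the script to read it.
    echo "script read=$(probe cat "$dir/script") exec=$(probe "$dir/script")"

    rm -rf "$dir"
}

exec_only_report
```

For a non-root user the binary runs but cannot be read, while the script can be neither read nor run, which matches the `permission denied` results reported in the comments.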