
I created a simple script on Ubuntu Server 18.04:

```
#!/bin/bash
apt update
apt upgrade
```

Then I changed the owner to root:

```
# chown root update.sh
```

Then I added the SUID bit and execution bits for user and group:

```
# chmod u+xs,g+x update.sh
```

and this is what I have:

```
-rwsrwxr-- 1 root  me  35 Mar 21 09:48 update.sh*
```

So I was expecting that by running this script which I have permission to run (it belongs to my group), it gets the root UID and it will execute as root, but I get permission denied.

Paulo Tomé
Sasan
  • Please find a better answer to make this a dupe of. –  Mar 21 '20 at 18:44
  • @mosvy it appears the OP accepted the duplicate suggestion (indicated by "Community" in the list of close voters). If you find a better duplicate, please suggest it. Sasan, if you did not intend to accept the duplicate, please let us know. Thank you! – Jeff Schaller Mar 21 '20 at 21:29
  • @JeffSchaller You could at least point it directly to [the dupe of the dupe](https://unix.stackexchange.com/questions/364/allow-setuid-on-shell-scripts), which, while it itself contains [outdated answers](https://unix.stackexchange.com/questions/364/allow-setuid-on-shell-scripts#comment1015350_2910) and other misinformation, is not [THAT](https://unix.stackexchange.com/questions/130906/why-does-setuid-not-work#comment1068824_130910) bad. –  Mar 21 '20 at 21:43
  • @mosvy I didn't choose the dupe of the dupe on purpose: the dupe already had an explanation which I considered a better fit for the question. OK, it's a bit bad that there's `./` in the answer rather than an absolute path, but it's really secondary. Then it's easy to follow the dupe of the dupe. – A.B Mar 22 '20 at 23:03
  • @A.B What's the explanation? "This is a security measure taken by operating system". That's very edifying, indeed. Combine that with some (bad quality) COPY-PASTED copyrighted content from a RedHat manpage, a recommendation to use sudo, and a ridiculous little program which would allow anybody to run any command as root. That's a really nice package. –  Mar 23 '20 at 03:06
  • @A.B FWIW, even with an absolute path, if the `/bin/sh` is actually bash, the caller can execute any code by exporting a function with the same name as some command from the script (e.g. `echo(){ reboot; }; export -f echo; ./run_the_wrapper`). –  Mar 23 '20 at 03:53
  • @mosvy Fine, feel free to change it. I'll vote to reopen then. – A.B Mar 23 '20 at 08:10
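
A check for the situation in this question, as an added example that is not part of the original post or its comments: it lists files that carry the setuid bit but start with `#!`. Linux ignores the setuid bit on interpreted scripts, so on such files the bit grants nothing and usually marks a misunderstanding worth cleaning up. The function name `find_setuid_scripts` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit a directory tree for
# setuid files that are interpreter scripts. Linux does not honour the
# setuid bit on "#!" files, so each hit is a script whose author probably
# expected it to run as the file owner.

# find_setuid_scripts DIR   (hypothetical helper name)
# Prints "<path><TAB><shebang line>" for every regular file under DIR that
# has the setuid bit set and whose first two bytes are "#!".
find_setuid_scripts() {
    # -xdev stays on one filesystem; -perm -4000 matches the setuid bit.
    find "$1" -xdev -type f -perm -4000 -exec sh -c '
        for f do
            # Read only the first two bytes; drop NULs so binaries are safe.
            magic=$(head -c 2 "$f" 2>/dev/null | tr -d "\000")
            if [ "$magic" = "#!" ]; then
                interp=$(head -n 1 "$f")
                printf "%s\t%s\n" "$f" "$interp"
            fi
        done' sh {} + 2>/dev/null
}

# Typical use: find_setuid_scripts /usr/local
# Clearing the bit on a reported file: chmod u-s <path>
```

Real setuid binaries such as ELF executables are skipped because they do not begin with `#!`.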
