Administrator's Guide

2.6.1 Why setuid and setgid Programs Can Be Risky
Whenever any program is executed, it creates a process with four ID numbers—real and
effective user ID (ruid and euid) and real and effective group ID (rgid and egid).
Typically, these ID pairs are identical.
However, running a setuid or setgid program changes the euid or egid of the
process from that of the user who invoked it to that of the program file (the
object). The processes spawned acquire their attributes from the object, giving
the user the same access rights as the program's owner and group.
• If the setuid bit is turned on, the privileges of the process are set to that of the
  owner of the file.
• If the setgid bit is turned on, the privileges of the process are set to that of the
  group of the file.
• If neither the setuid nor the setgid bit is turned on, the privileges of the process
  are unchanged.
As a particularly risky case, if a program is setuid to root, the user gains all
privileges available to root. This is dangerous because the program can be used
in a way that violates system security. To a lesser extent, this problem exists in other
setuid and setgid cases as well.
For security reasons, the setuid and setgid bits on scripts are normally ignored by
the HP-UX kernel. This rule can be relaxed by changing the tunable
secure_sid_scripts, but it is strongly recommended that this tunable not be changed
from the default. For more information on this tunable, see secure_sid_scripts(5).
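The three cases above can be checked from the shell. The following is an added example, not part of the HP-UX guide: classify_sid reports which effective ID an exec of a file would take from the file, and audit_sid lists every setuid or setgid file under a directory, marking setuid-to-root ones. The function names and the output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the HP-UX guide. Function names and output
# format are hypothetical.

# classify_sid FILE
# Prints which effective IDs an exec of FILE would take from the file,
# judged by its mode bits alone. The HP-UX kernel normally ignores these
# bits on scripts (secure_sid_scripts), so treat script hits as latent.
classify_sid() {
    f=$1
    # ls -ln shows the numeric owner (field 3) and group (field 4).
    owner=$(ls -lnd -- "$f" | awk '{print $3}')
    group=$(ls -lnd -- "$f" | awk '{print $4}')
    out=
    if [ -u "$f" ]; then            # setuid bit: euid becomes file owner
        out="setuid euid->$owner"
    fi
    if [ -g "$f" ]; then            # setgid bit: egid becomes file group
        out="${out:+$out }setgid egid->$group"
    fi
    if [ -z "$out" ]; then          # neither bit: IDs are unchanged
        out=unchanged
    elif [ -u "$f" ] && [ "$owner" -eq 0 ]; then
        out="$out SETUID-ROOT"      # the particularly risky case
    fi
    printf '%s\n' "$out"
}

# audit_sid DIR
# Lists every regular file under DIR with the setuid or setgid bit set.
audit_sid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r path; do
        printf '%s: %s\n' "$path" "$(classify_sid "$path")"
    done
}

# Stand-alone use: sh thisfile /usr/bin
if [ $# -gt 0 ]; then
    audit_sid "$1"
fi
```

Comparing the output of audit_sid before and after installing software shows any setuid or setgid programs that the installation added.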
2.6.2 How IDs Are Set
IDs are set in these different ways:
• The ruid and rgid are inherited from the login process, which sets your uid
  and gid. The uid and gid values are specified in /etc/passwd.
• The login command also changes the ruid, euid, rgid, and egid.
• The su command changes the euid and ruid.
• The newgrp command can change the gid.
• Set the setuid and setgid bits by using the chmod system call or chmod
  command. See chmod(1) and chmod(2) for more information.
2.6.3 Guidelines for Limiting Setuid Power
Use caution if you add setuid-to-root programs to an existing system. Adding a
setuid-to-root program changes the system configuration and might compromise
security.