9. Setuid programs

Setuid programs typically execute with higher privileges than the person who runs them. For example, the /bin/passwd program executes as root, but only while it’s running, and it does this for anyone who runs it. While the passwd program is running, it can do whatever it wants (or needs) to do. In this case it needs to modify the contents of /etc/passwd or /etc/shadow to change your password.

Programs like /bin/passwd that run setuid to root must be very careful. If a user keys in something, the program must be able to handle it and not accidentally give the user a shell or anything else that root has access to. In general, we recommend that you don’t write setuid programs at all unless it’s absolutely necessary. Even the programs that come with your system have been hacked and are often the starting point used by hackers to attempt a break-in.

You can turn off the setuid mode bit on some programs. For example, if you know that you don’t want users changing their passwords, you can turn off the setuid bit for /bin/passwd (e.g. # chmod 750 /bin/passwd). However, be careful. Some setuid programs are needed by your operating system.

If you do write setuid programs, consider not using root as the UID to change to. Also, if you write in Perl, use the taint switch (-T) and follow all of the guidelines carefully. For more information on setuid and how it works, see your man pages.
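
Before turning the bit off anywhere, it helps to know which files carry it. The script below is an added example, not part of the original page: it lists setuid files under a directory, filters them against an allowlist, and clears the bit with chmod u-s. The function names and the allowlist format (one path per line) are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit setuid files against an allowlist, then clear the bit.

# Print every regular file under directory $1 that has the setuid bit set.
# -xdev keeps find on one filesystem; -perm -4000 means "setuid bit is on".
list_setuid() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null | sort
}

# Print the setuid files under $1 that are not named in allowlist file $2
# (assumed format: one absolute path per line). These need a review.
unexpected_setuid() {
    list_setuid "$1" | grep -Fxv -f "$2" || true
}

# Remove only the setuid bit from $1. Unlike "chmod 750", this leaves the
# read/write/execute bits for user, group and others as they were.
clear_setuid() {
    chmod u-s "$1"
}

# Succeed (exit status 0) if $1 still has the setuid bit set.
is_setuid() {
    [ -u "$1" ]
}

# Constructed demo in a scratch directory; no real system file is touched.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/needed"; : > "$d/stray"; : > "$d/plain"
    chmod 4755 "$d/needed" "$d/stray"      # two setuid files
    chmod 755 "$d/plain"                   # ordinary executable
    printf '%s\n' "$d/needed" > "$d/allow" # allowlist keeps only "needed"
    echo "unexpected before:"; unexpected_setuid "$d" "$d/allow"
    unexpected_setuid "$d" "$d/allow" |
        while IFS= read -r f; do clear_setuid "$f"; done
    echo "unexpected after:";  unexpected_setuid "$d" "$d/allow"
    rm -rf "$d"
}

demo
```

On a real system, build the allowlist from the setuid programs your operating system needs before clearing anything, and rerun the audit after package updates, since reinstalling a package can restore the bit.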