Watching the Dangerous setuid and setgid Permissions
setuid and setgid files are dangerous because they might give an unauthorized user root access, or at least access to run a program in another user’s name.
To make a program setuid root, the user must be root. (Remember, you must be the user to which you want to make a program setuid.) So, if you never mount partitions from other machines, and if you are 100% sure that no one can get to the root, you have no problem. However, it is very difficult to be so sure, as hackers may have cracked root’s password.
setuid programs are very convenient for hackers because they might create a back door to the root account, which is still available after root has changed his password to something the hacker ...
Get Practical UNIX now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
