Privilege Elevation

Set-UID mechanism

Change the effective UID of a process running a program stored on a Set-UID file.

  • If a program file is owned by UID X and the set-UID bit of its ACL is set, then it will be executed in a process with UID X.

    • Independently of the UID of the subject that executed the program.

Allows normal users to execute privileged tasks encapsulated in administration programs.

  • Change the user’s password (passwd).

  • Change to super-user mode (su, sudo).

  • Mount devices (mount).

Effective UID / Real UID.

  • Real UID (rUID) is the UID of the process creator.

    • The user whose process launched the application.

  • Effective UID (eUID) is the UID of the process.

    • The one that matters for defining the rights of the process.

    • eUID may differ from rUID.

UID change.

  • Ordinary application.

    • eUID = rUID = UID of the process that executed exec.

    • eUID cannot be changed (unless it is 0, i.e. root).

  • Set-UID application.

    • eUID = UID of exec’d application file, rUID = initial process UID.

    • eUID can revert to rUID.

  • rUID cannot change.
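The rUID/eUID rules above, shown from inside a running process. This is an added example, not code from the original notes: it reads both IDs with getuid()/geteuid(), reports whether the process is currently elevated (eUID differs from rUID), and performs the "eUID can revert to rUID" step with seteuid(). The function and struct names are assumed for this illustration; the seteuid()/setuid() semantics described in the comments are the POSIX/Linux ones.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Snapshot of the two credentials the notes distinguish: the real UID of the
 * process creator and the effective UID that decides the process's rights. */
struct creds {
    uid_t ruid;
    uid_t euid;
};

struct creds current_creds(void)
{
    struct creds c;
    c.ruid = getuid();
    c.euid = geteuid();
    return c;
}

/* Is the process running with an elevated identity, i.e. was it started from
 * a Set-UID file owned by someone other than the caller? */
int is_elevated(struct creds c)
{
    return c.euid != c.ruid;
}

/* Revert eUID to rUID ("eUID can revert to rUID"). seteuid() to the real UID
 * is always permitted, so this works whether or not the program is Set-UID.
 * The saved set-user-ID still holds the file owner's UID, so the privilege can
 * be regained later with seteuid(). Returns 0 on success, -1 otherwise. */
int revert_to_real_uid(void)
{
    if (seteuid(getuid()) != 0)
        return -1;
    return geteuid() == getuid() ? 0 : -1;
}

/* Drop the elevation for good. With eUID 0, setuid() resets real, effective
 * and saved UID together, so the file owner's UID cannot be regained. With a
 * non-zero eUID, setuid() changes only the effective UID (the saved UID is
 * untouched); on Linux an unprivileged program would use setresuid() instead. */
int drop_privileges_permanently(void)
{
    uid_t target = getuid();
    if (setuid(target) != 0)
        return -1;
    return (getuid() == target && geteuid() == target) ? 0 : -1;
}

int main(void)
{
    struct creds before = current_creds();
    printf("rUID=%u eUID=%u elevated=%s\n",
           (unsigned)before.ruid, (unsigned)before.euid,
           is_elevated(before) ? "yes" : "no");

    /* Privileged work (e.g. passwd touching the shadow file) would happen here,
     * while eUID is still the file owner's UID. */

    if (revert_to_real_uid() != 0) {
        perror("seteuid");
        return 1;
    }
    struct creds after = current_creds();
    printf("after revert: rUID=%u eUID=%u elevated=%s\n",
           (unsigned)after.ruid, (unsigned)after.euid,
           is_elevated(after) ? "yes" : "no");
    return 0;
}
```

Compiled and run as an ordinary program it prints the same value for both IDs; the "elevated=yes" line only appears when the binary is owned by another user and has the Set-UID bit set (chmod u+s by that owner). The point for a practitioner is that the privilege is tied to eUID alone, so a Set-UID program should revert to rUID for every step that does not need it and drop permanently once it is done.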

Set-UID/Set-GID decision flowchart

exec(path, …).

  • File referred by path has Set-UID?

    • Yes

      • ID = UID of the path owner.

        • Change the process effective UID to ID (rUID stays as it was).

    • No.

      • Do nothing.

  • File referred by path has Set-GID?

    • Yes

      • ID = path GID.

      • Change the process effective GID to ID (rGID stays as it was).

    • No

      • Do nothing.
