Best way to gain root privileges

Adam Skutt askutt at gmail.com
Fri Feb 18 15:22:37 CET 2011


On Feb 18, 9:04 am, Ricardo Aráoz <ricar... at gmail.com> wrote:

> I've always asked myself why can't a program be used by users of a
> certain group but run with the privileges of some other user, not
> necessarily the one that uses it, but one created specifically for the
> tasks the program is responsible for.
>
> AFAIK in Linux a program will only run with the privileges of the user
> who runs it.

This is precisely what the setuid/setgid bits do: force the program
to run as the user and group that owns the program, instead of the
user / group of the caller.  It is forbidden for scripts due to lots
of historical problems and inherent difficulty in writing (shell)
scripts that can be elevated securely.

That being said, it's typically a terrible, horrible idea.  The effort
involved in ensuring the program cannot be exploited rarely outweighs
the gains involved from switching privileges.

> Many a time I have wanted to allow access to certain privileges to a user but *only*
> through a program. As far as security is concerned it would be enough
> that only root has permission to give the said program running
> privileges (privileges different from those of the user that is actually
> running it), that only allowed users may modify the program, and that
> *other* users may only run it. This would address the issue of someone
> modifying the program to gain access to its privileges. Now, if someone
> is able to gain illegal privileges to modify the program, then there
> *is* a security hole and the program is not really the problem.

sudo already does this to a limited degree.  If you want more
granularity than sudo, you're looking at mandatory access controls.

Adam
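
The conditions discussed in this thread (which identity a set-id program runs as, who may modify it, and the script restriction) can all be read from a file's mode bits. The following is an added example, not part of the original post; the function names and the constructed sample files are assumptions for illustration, and the script and setgid behaviour noted in the comments is that of Linux.

```python
import os
import stat
import tempfile

def audit_setid(path):
    """Return findings about one file's setuid/setgid configuration."""
    st = os.stat(path)
    mode = st.st_mode
    findings = []
    if mode & stat.S_ISUID:
        findings.append(f"setuid: executes with effective uid {st.st_uid}")
    # Linux honours setgid on exec only when group-execute is also set.
    if mode & stat.S_ISGID and mode & stat.S_IXGRP:
        findings.append(f"setgid: executes with effective gid {st.st_gid}")
    if not findings:
        return findings
    # Anyone who can modify the file can borrow the owner's privileges.
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    # Linux ignores set-id bits on interpreted (#!) scripts.
    with open(path, "rb") as fh:
        if fh.read(2) == b"#!":
            findings.append("script: kernel ignores the set-id bits")
    return findings

def demo():
    """Audit constructed sample files (not real system binaries)."""
    samples = {
        "helper": (b"\x7fELF", 0o4755),        # set-id, only owner may write
        "loose": (b"\x7fELF", 0o4777),         # set-id, but world-writable
        "script.sh": (b"#!/bin/sh\n", 0o4755),  # set-id bit on a script
        "plain": (b"\x7fELF", 0o755),          # no set-id bits at all
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, (data, mode) in samples.items():
            p = os.path.join(d, name)
            with open(p, "wb") as fh:
                fh.write(data)
            # Set the mode after writing: a write can clear set-id bits.
            os.chmod(p, mode)
            results[name] = audit_setid(p)
    return results

if __name__ == "__main__":
    for name, found in demo().items():
        print(name, found or "no set-id bits")
```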


