4

What's to stop somebody from creating a setuid-root binary on a flash drive, then putting it into another person's computer and getting root access? I assume there's some kind of protection against that, but I don't have a spare drive to test with.

EDIT: Formerly said "script"; changed to binary. See my comment.

flarn2006
  • 664
  • 3
  • 11
  • 21
  • Are you just interested in scripts, as your question implies, or do you want information on similar types of apparent attacks? If just scripts, why? If not, could you please clarify your question? – Daniel H Aug 14 '11 at 06:38
  • @DanielH This is an old question that has already been answered, but when I asked this I wasn't aware that setuid didn't work on scripts. I just said scripts because I figured that would be the most convenient way to escalate privilege in this manner, if it worked. But my question applies just as much to binaries as well. I'll edit it. – flarn2006 Jul 31 '19 at 16:59

1 Answers1

6

If a volume is mounted nosuid then the setuid bit is ignored on executables. At least newer versions of Fedora mount external media with this option.

Also, setuid does nothing for scripts unless the interpreter is prepared to run a separate copy of the interpreter as the user in question. Not many are.

Ignacio Vazquez-Abrams
  • 111,361
  • 10
  • 201
  • 247