
Common binaries with support for command execution, like `awk` and `vim`, not respecting setuid bit?

0 votes
1 answer
451 views
I'm hardening a Linux system and wanted to test (setuid-based) shell escapes using common binaries, like `awk`, `vim`, etc., supporting command execution. However, all binaries I've tested except `sh` and `bash` don't respect their setuid bit.

In particular, `awk` continues to execute as a normal user:

```
$ ls -lL /usr/bin/awk
-rwsr-xr-x 1 root root 121976 Mar 23 2012 /usr/bin/awk
$ id
uid=1000(bob) gid=1000(bob) groups=1000(bob)
$ awk 'BEGIN{system("id")}'
uid=1000(bob) gid=1000(bob) groups=1000(bob)
```

In contrast, `bash` executes as root when given the `-p` option:

```
$ ls -la /bin/bash
-rwsr-xr-x 1 root root 1168776 Apr 18 2019 /bin/bash
$ /bin/bash -p
# id
uid=1000(bob) gid=1000(bob) euid=0(root) groups=1000(bob)
```

Is there any way to make `awk`, `vim`, `less`, etc. respect the setuid bit and execute the command as root?

**OS**:

```
# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
```

**Update**:

```
parallels@debian-gnu-linux-vm:~$ ls -la /proc/self/fd/0 /dev/fd/0 /dev/stdin
lrwx------ 1 parallels parallels 64 Mar 26 08:15 /dev/fd/0 -> /dev/pts/1
lrwxrwxrwx 1 root root 15 Mar 20 19:56 /dev/stdin -> /proc/self/fd/0
lrwx------ 1 parallels parallels 64 Mar 26 08:15 /proc/self/fd/0 -> /dev/pts/1
```
Asked by Shuzheng (4931 rep)
Mar 24, 2020, 03:16 PM
Last activity: Mar 26, 2020, 01:51 PM