SETUID

What is setuid?

setuid stands for "set user ID on execution." It’s a special permission that can be set on executable files in Unix/Linux systems.

Normally, when you run a program, it runs with your user permissions.

With setuid, the program runs with the permissions of the file’s owner, no matter who launches it.

Example:

  • Suppose a program example is owned by root.

  • The setuid bit is turned on for this program.

When bob (a regular user) runs example, the program runs as root — even though bob is not root!

🛠 Command to set setuid:

chmod u+s example

You would see the permissions look something like this:

-rwsr-xr-x 1 root root 12345 Apr 27 09:00 example

Notice the **s** in rws — that tells you setuid is set!

Why does setuid exist?

Sometimes programs need temporary elevated permissions to do certain tasks.

Example:

  • The passwd command (to change your password) needs to update /etc/shadow, a file only root can edit.

  • You obviously don’t want every user to have permanent root access — so passwd is a setuid root program.

  • It temporarily becomes root while running and updates your password.

Why is setuid dangerous?

Because if the program has a bug, a hacker could exploit it and gain full control as the program’s owner (e.g., root!).

Bad things that can happen:

  • Privilege escalation (gaining root access when you shouldn't)

  • Arbitrary code execution (running malicious code as root)

  • System compromise

That's why:

  • Only very carefully written programs should have setuid.

  • You should avoid making your own programs setuid unless absolutely necessary.

PreviousLab 10.2 - Exploiting NancurinirNextPermissions

Last updated