Becoming Root Through An SUID Executable

Linux Privilege Escalation By Exploiting The SUID Bit

Vickie Li
5 min read · Oct 30, 2020

Welcome back to the Linux Security Series! In this series, we’ll discuss security issues that affect Linux systems and common misconfigurations that lead to them. Let’s get started!

Privilege escalation is how attackers who already have limited access to a system gain higher privileges on it. For example, let’s say that an attacker has gained access to your web server, but only as a low-privileged user. They cannot read or write sensitive files, execute scripts, or change system configuration. How could they compromise your server and maintain their access there?

If attackers can find a way to trick the system into thinking that they are the root user, they can carry out more powerful attacks like reading and writing sensitive files and inserting permanent backdoors into the system. And this is where privilege escalation comes in. Today, let’s talk about how attackers can exploit SUID programs to escalate their privileges to become root.

The SUID Bit

SUID stands for “SetUID”. It is a Linux permissions flag on an executable file that makes the program run as the file's owner rather than as the user who started it. For example, if an SUID file is owned by root, the program will always run as root, regardless of who started the execution.
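To see where this flag is set on your own systems, the shell function below lists every SUID file under a directory and marks the ones owned by root. It is an added example, not code from the original article; the name `suid_audit` and its output format are assumptions of this example, and it relies on GNU `find`.

```shell
# Added example: audit a directory tree for SUID executables.
# Usage: suid_audit DIR [UID]
# Prints one line per SUID regular file:
#   <flag> <owner-uid> <octal-mode> <symbolic-mode> <path>
# flag is PRIV when the owner matches UID (default 0, i.e. root), meaning the
# program runs with that account's privileges no matter who starts it.
# The body runs in a subshell "( ... )" so its variables stay local.
suid_audit() (
    dir=$1
    watch_uid=${2:-0}
    # -perm -4000 : the SUID bit is set, whatever the other mode bits are
    # -xdev       : stay on one filesystem (skips /proc, network mounts)
    # %U %m %M %p : numeric owner, octal mode, ls-style mode, path
    find "$dir" -xdev -type f -perm -4000 -printf '%U %m %M %p\n' 2>/dev/null |
    while read -r uid mode symbolic path; do
        if [ "$uid" = "$watch_uid" ]; then
            flag=PRIV
        else
            flag=other
        fi
        printf '%s %s %s %s %s\n' "$flag" "$uid" "$mode" "$symbolic" "$path"
    done | sort
)
```

In the symbolic mode column the SUID bit shows up as an `s` in the owner's execute position, for example `-rwsr-xr-x`. Run it as root (for example `suid_audit /usr`) so unreadable directories are not skipped, and compare the result against the list of SUID programs you expect your distribution to ship.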
