Becoming Root Through An SUID Executable

Linux Privilege Escalation By Exploiting The SUID Bit


The SUID Bit

SUID stands for “SetUID”. It is a Linux permission flag that makes an executable run with the privileges of the file's owner rather than those of the user who launched it. For example, if an SUID file is owned by root, the program will always run as root, regardless of who started the execution.


Escalating Privileges Using The Vulnerability

These misconfigurations make privilege escalation trivial. For example, an attacker who can execute commands as root can add themselves as a root user in the /etc/passwd file. This command does just that:

echo "vickie::0:0:System Administrator:/root/root:/bin/bash" >> /etc/passwd

More SUID Dangers

Programs that lead to privilege escalation when run with SUID are not limited to programs that allow arbitrary system code execution. Any program that allows arbitrary writes to system files, is owned by root, and has the SUID bit set can lead to privilege escalation.

Be Careful!

You can see that SUID could become incredibly dangerous when misused. SUID rights should only be granted to programs when necessary and not to programs that allow command execution or arbitrary writes to files on the system.
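
For defenders, both the /etc/passwd entry shown earlier and the advice above can be checked mechanically. The following audit is an added example, not code from the original post: it flags passwd entries that carry UID 0 or an empty password field, and lists SUID files that are not on an approved baseline. The function names, the sample passwd text and the baseline paths are assumptions made for illustration.

```python
import os
import stat

# Constructed sample: stock entries plus the line appended by the command above.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
vickie::0:0:System Administrator:/root/root:/bin/bash
"""

def audit_passwd(text, allowed_uid0=("root",)):
    """Return (line_no, user, reason) for entries that grant root or need no password."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:  # name:passwd:uid:gid:gecos:home:shell
            findings.append((n, fields[0], "malformed entry"))
            continue
        user, pw, uid = fields[0], fields[1], fields[2]
        if uid.isdigit() and int(uid) == 0 and user not in allowed_uid0:
            findings.append((n, user, "UID 0 account not on allowlist"))
        if pw == "":  # an empty second field means no password is required
            findings.append((n, user, "empty password field"))
    return findings

def suid_files(root, owner_uid=0, baseline=()):
    """Return SUID regular files under root owned by owner_uid and not in baseline."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished or is unreadable
            if (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID
                    and st.st_uid == owner_uid and path not in baseline):
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE_PASSWD):
        print("passwd:", finding)
    # Assumed baseline; replace with the SUID binaries your distribution ships.
    for path in suid_files("/usr", baseline={"/usr/bin/passwd", "/usr/bin/su"}):
        print("unexpected SUID root file:", path)
```

Run it on a schedule and alert on any change in output, since a new SUID root file or a second UID 0 account rarely appears for a legitimate reason.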

Professional investigator of nerdy stuff. Hacks and secures. Creates god awful infographics. https://twitter.com/vickieli7
