
Frecovering suid programs

 
Chris Evans_1
New Member

Hi all,

I am suffering a little at the moment with a problem using frecover.

As root I can frecover any file with the suid bit set, but as a non-root user the file is recovered with just the execute bits set. Is this the standard behaviour? Am I doing something stupid?

I have tried this on 10.20 and on 11.00 so I don't think it is a patch level problem.
Sridhar Bhaskarla
Honored Contributor

Re: Frecovering suid programs

Chris,

It makes perfect sense to me that frecover does not recover SUID programs for an ordinary user. If that were the case, I could restore an SUID program from the backup myself and become a superuser.

I believe it's a feature of frecover though officially I am not sure :-)

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
A. Clay Stephenson
Acclaimed Contributor

Re: Frecovering suid programs

Hi Chris,

This is perfectly normal behavior; otherwise there would be a huge security problem. In fact, try this: Create a file my.exe owned by root and make it 4755 via chmod. Next, cp -p my.exe my2.exe as an ordinary user. You will see that the setuid bit is cleared in the copy.
If it worked any other way, it would be trivially easy for any user to create a setuid program owned by root.


If it ain't broke, I can fix that.
Chris Evans_1
New Member

Re: Frecovering suid programs

Thanks Guys,

I am trying to recover files owned by the ingres user as the ingres user. I understand the security implications of letting users recover other users' suid programs, but what is the problem with recovering your own?
Klaus Crusius
Trusted Contributor

Re: Frecovering suid programs


fbackup / frecover seem not to support non-root users quite well. (I get a "fbackup(1010): semget failed for the semaphore" if I try fbackup).

You can use tar -px to recover the setuid bit of a file owned by yourself. I do not see a security hole there, because it is possible to set the bit on the original file as well. cp -p works this way, too.

Klaus
There is a life before death!
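
The cp -p test and the tar -px restore described in the replies above can be checked side by side with the following script, an added example that is not part of the original thread. It assumes a Linux-style userland (mktemp, GNU or compatible cp and tar), the function names are hypothetical, and the candidate paths in the second case are assumed locations of a setuid binary owned by another user.

```shell
# Print the 10-character mode string of a file, e.g. -rwsr-xr-x.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Case 1: a setuid file owned by the invoking user (constructed sample).
# Prints "<original> <cp -p copy> <tar -xp restore>"; all three keep the s bit.
own_file_case() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\nexit 0\n' > "$d/my.exe"
    chmod 4755 "$d/my.exe"
    cp -p "$d/my.exe" "$d/my2.exe"
    mkdir "$d/restore"
    (cd "$d" && tar -cf backup.tar my.exe &&
        cd restore && tar -xpf ../backup.tar)
    echo "$(mode_of "$d/my.exe") $(mode_of "$d/my2.exe") $(mode_of "$d/restore/my.exe")"
    rm -rf "$d"
}

# Case 2: a setuid file owned by a different user. The copy ends up owned by
# the invoking user, so cp -p drops the s bit instead of carrying it over.
# Prints the mode of the copy, or "skipped" if no suitable file is found
# (for instance when running as root, who owns the candidates).
foreign_file_case() {
    me=$(id -u)
    for f in /usr/bin/passwd /usr/bin/su /bin/su; do   # assumed paths
        [ -r "$f" ] || continue
        set -- $(ls -ldn "$f")                 # $1 = mode string, $3 = owner uid
        case $1 in ???[sS]*) ;; *) continue ;; esac
        [ "$3" != "$me" ] || continue
        d=$(mktemp -d) || return 1
        cp -p "$f" "$d/copy" 2>/dev/null || true
        if [ -e "$d/copy" ]; then
            mode_of "$d/copy"
            rm -rf "$d"
            return 0
        fi
        rm -rf "$d"
    done
    echo skipped
}

echo "own file:     $(own_file_case)"
echo "foreign file: $(foreign_file_case)"
```

The rule both tools follow is the same: the setuid bit is kept only when the restored file ends up with its original owner, which a non-root user can achieve only for files they already own.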