What does it mean to be setuid root? Is Setuid root even safe?
I am reading Tanenbaum's Modern Operating Systems 3e. He says "Suppose that the program being attacked [with malicious code] is setuid root in UNIX (or has Administrator power in Windows). The [malicious code inserted with a buffer overflow attack] can now make a couple of system calls to convert the attacker's shell file on the disk into setuid root so that when it is executed it has superuser power."
What does it mean to be SETUID root? Does he mean that the program has root permissions? Why does he say that the program is setuid root? Is setuid root even safe?
SETUID means that the executable can run under different permissions than the user who has executed it.
Certain applications are set like this so that users can run with low permissions while a specific application that needs to run with higher permissions can do so. SETUID root means that when the program is run it is as if root ran it - which leaves you open to all the usual security risks of running something at high permission levels - it could potentially do anything to your system - so generally the number of applications that require SETUID should be minimized on a Unix box. Most security audits of Unix machines include looking for SETUID and setgid files that are world-writable, as they present a high risk.
Is setuid root safe?
Setuid root and setgid files are dangerous because they might give an unauthorized user root access or at least access to run a program in another user’s name. To make a program setuid root, the user must be root. (Remember, you must be the user to which you want to make a program setuid.) So, if you never mount partitions from other machines, and if you are 100% sure that no one can get to the root, you have no problem. However, it is very difficult to be so sure, as hackers may have cracked the root’s password. setuid programs are very convenient for hackers because they might create a back door to the root account, which is still available after the root has changed his password to something the hacker.
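The audit mentioned above (looking for setuid and setgid files, especially writable ones) can be sketched as follows. This is an added example, not part of the original answers; the function names `classify` and `audit` and the default path `/usr/bin` are assumptions chosen for illustration.

```python
import os
import stat
import sys

def classify(mode, uid):
    """Findings for one file from its st_mode and st_uid; [] if not setuid/setgid."""
    if not stat.S_ISREG(mode):          # directories, symlinks, devices: skip
        return []
    findings = []
    if mode & stat.S_ISUID:             # runs with the file owner's effective UID
        findings.append("setuid-root" if uid == 0 else "setuid")
    # Only count setgid when group-execute is also set; without it the bit
    # has historically marked mandatory locking rather than a privilege change.
    if mode & stat.S_ISGID and mode & stat.S_IXGRP:
        findings.append("setgid")
    if not findings:
        return []
    if mode & stat.S_IWOTH:             # anyone can replace the privileged code
        findings.append("WORLD-WRITABLE")
    elif mode & stat.S_IWGRP:
        findings.append("group-writable")
    return findings

def audit(root):
    """Walk root (symlinks not followed) and return (path, perms, findings) tuples."""
    results = []
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda err: None):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)     # lstat: judge the file itself, not a link target
            except OSError:
                continue                # vanished or unreadable entry
            findings = classify(st.st_mode, st.st_uid)
            if findings:
                results.append((path, stat.filemode(st.st_mode), findings))
    return results

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"
    for path, perms, findings in audit(target):
        print(f"{perms}  {path}  {', '.join(findings)}")
```

Comparing the output against a known-good baseline for the distribution makes unexpected setuid files stand out.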