Setuid directories, how did it happen?

[takigama]

About 2 weeks ago someone did something I thought was impossible in linux, and with alot of research i've found "it can be possible under some circumstances" but i cant find anything that explains what they may be.

Basically, the following happened on a debian 6 box, running xfs and i'd really like to know how it was achieved (its a setuid directory);

Code: Select all

{5755}(user@machine) [1:j]-->sudo adduser t 
Adding user `t' ...
Adding new group `t' (1001) ...
Adding new user `t' (1001) with group `t' ...
Creating home directory `/home/t' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for t
Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] y

{5756}(user@machine) [1:j]-->sudo chmod 6777 /home/t

{5757}(user@machine) [1:j]-->touch /home/t/somefile

{5758}(user@machine) [1:j]-->ls -al /home/t/somefile
-rw-rw-r-- 1 t t 0 2012-02-17 09:23 /home/t/somefile

{5759}(user@machine) [1:j]-->

At the time i was firmly of the opinion a setuid directory wasnt possibly in linux, but obviously im mistaken.

[dasein]

...i'd really like to know how it was achieved

My first guess would be: because you set it that way.

...i was firmly of the opinion a setuid directory wasnt possibly in linux, but obviously im mistaken.

As you say, your impression is obviously incorrect. See TFM: http://www.gnu.org/s/coreutils/manual/h ... etgid.html

However, note that in your example you are setting both gid and uid. Typically, setuid on a directory is ignored, while setgid is not. (I'd encourage you to verify this for yourself, after you've done a bit more research.)

[takigama]

...i'd really like to know how it was achieved

My first guess would be: because you set it that way.

...i was firmly of the opinion a setuid directory wasnt possibly in linux, but obviously im mistaken.

As you say, your impression is obviously incorrect. See TFM: http://www.gnu.org/s/coreutils/manual/h ... etgid.html

However, note that in your example you are setting both gid and uid. Typically, setuid on a directory is ignored, while setgid is not. (I'd encourage you to verify this for yourself, after you've done a bit more research.)

As i said, i've been coming at this one for two weeks, its not like i bothered posting on a whim cause i was bored, there is seriously not a page that'll turn up on either google, yahoo or bing that relates to suid i havent read - not that that is the only place i've looked either. I've gone thru bits of the linux kernel code and cant really find anywhere that would honor the suid bit on a directory. To be honest, i dont even really want to be able to do this, its just one of those things i've always been under the impression is possible, yet there is someone who managed to do it. Also note, we're talking about a set *USER* id bit, not a set *GROUP* id bit (which linux does honor).

i would say the gnu page is either based on hurd or bsd, i know in bsd it is possible to setuid a directory... in my many many years of using linux, solaris and others, this has never been possible. But just to prove the point;

Code: Select all

paulr@boson:~$ sudo adduser t
[sudo] password for paulr: 
Adding user `t' ...
Adding new group `t' (1003) ...
Adding new user `t' (1002) with group `t' ...
Creating home directory `/home/t' ...
Copying files from `/etc/skel' ...
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
Changing the user information for t
Enter the new value, or press ENTER for the default
	Full Name []: 
	Room Number []: 
	Work Phone []: 
	Home Phone []: 
	Other []: 
Is the information correct? [Y/n] y
paulr@boson:~$ sudo chmod 6777 /home/t
paulr@boson:~$ touch /home/t/somefile
paulr@boson:~$ ls -al !$
ls -al /home/t/somefile
-rw-r--r-- 1 paulr t 0 2012-02-22 08:12 /home/t/somefile

Now did YOU try and make a directory work with suid bit?

[dasein]

Now did YOU try and make a directory work with suid bit?

I did, and it worked exactly as expected.

Enjoy your rant. I'm done.

[takigama]

Now did YOU try and make a directory work with suid bit?

I did, and it worked exactly as expected.

Enjoy your rant. I'm done.

Oky doky, im sorry i asked. as I said, im a pretty experienced linux user, though i do come from more of a redhat/solaris background and to me this has always been a no-show. Its not meant to come across as a rant, but there really hasnt been anything i've come across thats taken me this long to really solve (recently). Aside from actively modifying the kernel, i cant see how its possible. Only thing i've read that suggests its possible is that some fs's with bsd compatability flags may work. However, this was a xfs file system mounted with default,acl.

[takigama]

Just to back me up a bit here, heres a couple of the things i've come across on the web about suid and directories:

from wikipedia: ...The setuid permission set on a directory is ignored on UNIX and Linux systems.

from Linux Journal: ...What about directories? Well, setuid has no effect on directories, but setgid does, and it's a little non-intuitive.

from Ars technica: ...However, the setuid bit on a directory, while ignored under System V semantics, will cause files and directories created inside to inherit user ownership from the setuid directory under BSD semantics. Under Linux, some filesystems have a mount-time option to use BSD semantics rather than the default System V semantics.

well, even if that last part is true, it wouldnt apply to xfs, and not with options of "default,acl". I can seriously sit here all day pulling up examples of this, and everyone i speak to outside of debian says "not possible". I guess theres a possibility it can be done with selinux rules (and thats a big maybe), but i certainly havent had much luck getting debian to do it. But i just cant find anyone who can show me how its done, so i give up!