sudo-project / sudo

Utility to execute a command as another user
https://www.sudo.ws

Possible to use group with execute permission without setuid? #385

Closed Earnestly closed 2 weeks ago

Earnestly commented 2 weeks ago

According to some it has been possible to use sudo without setuid by using group level permissions instead. I.e.

chown root:wheel /usr/bin/sudo
chmod =775 /usr/bin/sudo

After attempting this, sudo appears to check that it is not setuid and fails with: sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set

Is it possible to use sudo in this manner without setuid?

millert commented 2 weeks ago

Sorry, this has never been possible. All you are doing by making the sudo binary mode 775 is allowing users in group wheel to write to the sudo binary itself. Not only will sudo not function but you are creating a security issue since anyone in group wheel can now replace /usr/bin/sudo with a malicious binary.
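
An added example, not part of the thread or of the sudo project's code: a small audit that flags the state described in the reply above (setuid bit missing, binary writable by group or others, owner not uid 0). The function names are hypothetical, and GNU coreutils `stat` is assumed.

```shell
#!/bin/sh
# Added example; check_mode and audit_binary are hypothetical helper names.

# check_mode MODE UID
# Print one finding per line for an octal mode and an owner uid.
# Prints nothing when the values satisfy sudo's startup check and the
# binary cannot be overwritten by group members or other users.
check_mode() {
    mode=$1 uid=$2
    [ "$uid" -eq 0 ] || echo "owner is uid $uid, not uid 0"
    [ $(( 0$mode & 04000 )) -ne 0 ] || echo "setuid bit is not set"
    [ $(( 0$mode & 00020 )) -eq 0 ] || echo "group-writable: group members can replace the binary"
    [ $(( 0$mode & 00002 )) -eq 0 ] || echo "world-writable: any user can replace the binary"
}

# audit_binary PATH
# Returns 0 if PATH passes, 1 if there are findings, 2 if stat fails.
audit_binary() {
    # Assumption: GNU stat (%a = octal mode, %u = owner uid).
    # -L follows symlinks so the real file is inspected.
    info=$(stat -L -c '%a %u' -- "$1") || return 2
    findings=$(check_mode "${info% *}" "${info#* }")
    if [ -z "$findings" ]; then
        echo "$1: OK"
        return 0
    fi
    echo "$findings" | while IFS= read -r line; do
        printf '%s: %s\n' "$1" "$line"
    done
    return 1
}

# The state produced by the commands in the question: mode 775, owner root.
check_mode 775 0
```

Run `audit_binary /usr/bin/sudo` on a host to check the installed binary; a non-zero exit status makes it usable in a configuration-compliance job.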

Earnestly commented 2 weeks ago

Yes, I had wondered why some people claimed this as possible, thanks for clarifying it.