COMP 266 Lecture Notes - Lecture 4: Setuid, Sudo, Freebsd

Lab 4
Rootly Powers and Processes
1. Use the find command with the -perm option to locate five setuid files on your
system. For each file, explain why the setuid mechanism is necessary for the
command to function properly.
Ans: Setuid attribute allows normal users to execute the file and gain privileges of the user that
created the process. In our five cases, this is root.
/usr/bin/crontab – schedules and executes commands. Setuid is necessary because the scheduled
calls are made when user is logged in.
/usr/bin/rlogin -- allows for remote logging in
/usr/bin/at -- executes command at specific time. Setuid would be necessary to identify the
caller of said command
/usr/sbin/traceroute -- tracks packets from IP to host. Needs to be called by user, but accesses
device info accessible by root – hence the setuid.
/usr/sbin/timedc -- synchronizes host device time with that of other machines on LAN.
2. Enumerate a sequence of commands that let you modify someone’s password entry,
and show how you could cover your tracks. Assume you had only sudo power (all
commands allowed, but not shells or su).
Ans: Get original date
ls -l /etc/master.passwd
Change password of <username>
sed -i '/<USERNAME>/c\<USERNAME>:NEW_PW_HASH' /etc/master.passwd
Replace timestamp with old
touch -a -m -t [formattedolddate] /etc/master.passwd
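Added example, not part of the original lab answer: a check a defender can run against this kind of timestamp rollback. touch can reset atime and mtime, but the kernel stamps ctime on every inode change, so a ctime well after mtime is a lead worth following. The function names and the 60-second slack are assumptions made for this example, and the demo uses a constructed scratch file.

```sh
#!/bin/sh
# Added example, not part of the lab notes. Constructed demo file only.
# touch -t rewrites atime and mtime, but the kernel sets ctime itself on every
# inode change (including the touch) and has no interface for setting it back.

# Print "<mtime> <ctime>" in epoch seconds. Tries GNU stat, then BSD stat.
file_times() {
    stat -c '%Y %Z' "$1" 2>/dev/null || stat -f '%m %c' "$1" 2>/dev/null
}

# Exit 0 if ctime is more than SLACK seconds newer than mtime, 1 if not,
# 2 if the file cannot be read. A hit is a lead, not proof: chmod, chown and
# rename also advance ctime, and archive extraction preserves old mtimes.
mtime_rolled_back() {
    file=$1
    slack=${2:-60}            # assumed tolerance in seconds
    times=$(file_times "$file") || return 2
    mtime=${times% *}
    ctime=${times#* }
    [ $((ctime - mtime)) -gt "$slack" ]
}

# Constructed demonstration: write a scratch file, check it, set its mtime to
# an old date the way the answer's touch step does, then check it again.
# Prints the two exit codes, e.g. "1 0" (clean before, flagged after).
demo_rollback() {
    scratch=$(mktemp) || return 2
    echo 'constructed sample line' > "$scratch"
    before=0; mtime_rolled_back "$scratch" || before=$?
    touch -a -m -t 202001011200 "$scratch"
    after=0; mtime_rolled_back "$scratch" || after=$?
    rm -f "$scratch"
    echo "$before $after"
}

# Check any files named on the command line, e.g. /etc/master.passwd.
for f in "$@"; do
    if mtime_rolled_back "$f"; then
        echo "WARN: $f ctime is newer than mtime"
    fi
done
```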
3. Create two entries for the sudoers configuration file:
a. One entry that allows users Matt, Adam, and Drew to service the printer, to
unjam the printer, and to restart printer daemons on the machine
printerserver.
b. One entry that allows Drew, Smihgr, and Jim Lane to kill jobs and then
reboot the machine.
Ans: On FreeBSD, first install with pkg install sudo.
Ran visudo, then entered:
User_Alias PRINTERS= Matt, Adam, Drew
User_Alias REBOOTERS= Drew, Smihgr, Jim