Overview

Set-UID is an important security mechanism in Unix operating systems. When a Set-UID program runs, it assumes the owner's privileges. For example, if the program's owner is root, then when anyone runs this program, the program gains the root's privileges during its execution. Set-UID allows us to do many interesting things, but unfortunately, it is also the culprit of many bad things. The objective of this lab is for students to understand what risks such privileged programs face and how they can be attacked if there are mistakes in the code.

Tasks (English) (Spanish)

• VM version: This lab has been tested on our SEED Ubuntu-20.04 VM
• Lab setup files: DO NOT unzip the file in a shared folder, as that would cause problems. Copy the zip file to another folder inside the VM, and then use the unzip command to unpack.
  • Labsetup.zip

Time (Suggested)

• Supervised (closely-guided lab session): 3 hours
• Unsupervised (take-home project): 1 week

SEED Videos

• Udemy: Computer Security: A Hands-on Approach (§ 2)

SEED Books (English) (Chinese)

• Computer & Internet Security: A Hands-on Approach, 3rd edition (§ 2, 3)
• Computer Security: A Hands-on Approach, 3rd edition (§ 2, 3)

Additional Reading

• Checklist for Security of Setuid Programs
• Chen, Wagner, and Dean. Setuid Demystified
• Bishop. How to write a Set-UID program

Feedback and Help