Secret Handshake 2.0

I’m part of the Nexus Project, a volunteer-run Linux server cluster at Carleton; we do a couple of cleverish things, like supporting the Robotics club, providing server space to various organizations and so on. This year, we’ve started looking for new people to admin the system, and as a result we’ve had to make some decisions about who we give root access to, and who we don’t.

Now, Linux is a hard thing to learn, because there’s an awful lot of it, and a lot of it does some pretty weird and nonintuitive stuff. The available documentation is almost universally awful, and missteps with root access can be costly; it’s a good idea to pause for a breath between the end of the command and the hitting of return, because when you’ve got a howitzer hanging from your belt shooting yourself in the foot just isn’t funny.

So we’ve had to come up with a simple test. You’re welcome to take it yourself, but I won’t give you the password either way. Here it is, in its entirety:

1) What is wrong with the following?

root@nexus:/bin$ chmod +s chmod

Remember, no peeking.

Update: Lara has nailed it, read on.

“Okay, set permissions for chmod to be the same as root, so anyone could have full permissions for whatever files they wanted with a simple chmod 777 command (or whatever the Linux equivalent is).”

Precisely. The “+s” thing means that when the recipient program is executed, it runs with the permissions of that program’s owner (see chown) rather than the executor. In chmod’s case, that’s invariably root. Which means that anybody can change anything else to run with root permissions, which is, from a network security perspective, the end of the world. You need to be root to start the ball rolling, so Shaver’s observation in the first comment is of course correct: the problem with that line is that the person should never have been given root access in the first place.

I like this test for two reasons. The first is that it has a very low barrier to entry – you need to know what chmod +s does – but you also have to know why allowing chmod to run as root all the time is a catastrophically bad idea. The second, though, is that you have to have done a little bit of research to figure that out, because “man chmod” tells you nothing except “look at ‘info chmod’” and info pages are a bad joke.

My theory is that if you’ve struggled through the awful documentation to figure out what something as obscure as that does (try “man setuid”, for kicks) and you’re willing to volunteer your time to a student project, then you’re probably one of the good guys.
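
A defensive check for the misconfiguration described above, as an added example that is not part of the original post: it lists setuid/setgid files under a directory and reports any that are not on an allowlist of expected ones. The function names, the allowlist file and the scratch directory standing in for /bin are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report set-id files that are not on an allowlist.
# Function names and the scratch directory layout are hypothetical.

# Print every regular file under $1 that has the setuid (4000) or
# setgid (2000) bit set. -xdev keeps find on a single filesystem.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Print set-id files under $1 whose full path is NOT listed (one path
# per line) in the allowlist file $2. Empty output: nothing unexpected.
audit_setid() {
    list_setid "$1" | grep -Fxv -f "$2" || true
}

# Constructed demo: a scratch directory standing in for /bin, holding a
# "passwd" that is expected to be setuid and a "chmod" that someone has
# run the command from the test question on.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/passwd"; : > "$d/chmod"; : > "$d/ls"
    chmod 755 "$d/chmod" "$d/ls"
    chmod 4755 "$d/passwd"      # expected: passwd is normally setuid
    chmod +s "$d/chmod"         # the command from the test question
    printf '%s\n' "$d/passwd" > "$d/allow.txt"
    audit_setid "$d" "$d/allow.txt" | sed "s|^$d/||"
    rm -rf "$d"
}

demo    # prints: chmod
```

On a real host the same function would be pointed at / with an allowlist built from a known-good install, and any new line in its output is worth an explanation.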

13 Comments

  1. Posted December 8, 2003 at 1:05 pm

    Obviously, what’s wrong is that this person should not have had root. At least he/she likes to share!

    Mike

  2. Zeynep
    Posted December 8, 2003 at 1:19 pm

    At a guess (since I don’t know precisely what +s does; when it comes to chmod I only know how to construct the three rwx’s by 4+2+1), since you declare that there’s something wrong with the statement, it messes up the execute permissions of chmod, therefore at one fell stroke screwing something up and making it impossible to fix (since the person-to-fix would also need to use chmod, except s/he wouldn’t be able to, since its execute permission bit would have been messed up.)

    How close am I?

    At any rate, what I do know is that the commands “rm” and “chmod” should be treated with the amount of caution usually reserved for open vials of nitroglycerine if your username is root.

  3. Mike Hoye
    Posted December 8, 2003 at 2:37 pm

    Zeynep, you are close, but you have not yet snatched the pebble from my hand.

    Shaver has his own pebbles, so he only gets a high-five.

  4. Posted December 8, 2003 at 3:05 pm

    See, having not taken the time to learn linux due to Extreme Procrastination™, but having been at one time a DOS Wizard, when I first look at that statement, I think: “Seems sensible enough. Make chmod a system file so that nobody can accidentally delete it …”. Then I remember what +s means on POSIX compliant systems, and get to feel smart that I’ve apparently been able to remember, like, 3 things about Linux, and one of them was important!

  5. Lara
    Posted December 8, 2003 at 5:26 pm

    Now, it’s been a long time since I’ve used Unix, and I’ve never used Linux, but I would guess that this would set permissions for all users to be the same as root. Am I close?

  6. Mike Hoye
    Posted December 8, 2003 at 5:54 pm

    The lovely Ms. Beaton is very close, very close indeed.

  7. Lara
    Posted December 8, 2003 at 6:21 pm

    Okay, set permissions for chmod to be the same as root, so anyone could have full permissions for whatever files they wanted with a simple chmod 777 command (or whatever the Linux equivalent is).

  8. Posted December 8, 2003 at 6:27 pm

    If you’ll forgive a complete stranger wandering in…

    After some research to expand my knowledge of this arcane thing called “setuid”, I reckon this would allow any user to wield chmod as if they were root.

    Which would lead to some interesting detective work later on, when you tried to figure out how “juniorpleb” managed to trash the whole filesystem.

    (curses, beaten to it while I polished my deathless prose [tips hat to Lara])

    it’s a good idea to pause for a breath between the end of the command and the hitting of return

    Amen to that.

  9. dorkSpotter
    Posted December 8, 2003 at 10:38 pm

    Comment removed – MH.

  10. Lara
    Posted December 8, 2003 at 11:02 pm

    Dear dorkspotter,

    I mean this in the kindest way possible – Go fuck yourself.

  11. Mike Hoye
    Posted December 8, 2003 at 11:19 pm

    That’s classy. I really didn’t want to have to start moderating for content around here, but insulting my friends is more than enough reason for me to start.

    It’s a goddamned shame that you apparently can’t have any kind of a town square anymore without somebody pissing in the well.

  12. dorkSpotter
    Posted December 9, 2003 at 2:39 am

    Comment removed. – MH

  13. Posted December 9, 2003 at 10:19 am

    I’d’ve said the problem with that command is that there’s basically never any reason for you to be fucking around with permissions for system files in the first place, and if you think it’s a good idea, you’re almost certainly wrong and don’t know what you’re doing.

    That the command actually does something horrible is beside the point; running ‘chmod 755 chmod’ would be just as bad an idea.