Tuesday, April 19, 2011

About setuid behavior for (chown & chmod) SUA programs

According to the POSIX standard, a file has permissions that include bits to set a UID (setuid) and set a GID (setgid) when the file is executed. If either or both bits are set on a file, and a process executes that file, the process gains the UID or GID of the file. When used carefully, this mechanism allows a nonprivileged user to execute programs that run with the higher privileges of the file's owner or group. When used incorrectly, however, this can present security risks by allowing nonprivileged users to perform actions that should only be performed by an administrator. For this reason, Utilities and SDK for Subsystem for UNIX-based Applications Setup does not enable support for this mechanism by default.
You should enable support for setuid behavior only if you are sure you will be running programs that require support for this behavior. Even if you do not enable support for setuid behavior when installing Utilities and SDK for Subsystem for UNIX-based Applications, you can enable it later.
Warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
To enable setuid:
    Click Start -> Run and type regedit.
    Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SUA
    Double-click EnableSetuidBinaries -> set the value to 1.
To disable setuid:
    Click Start -> Run and type regedit.
    Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SUA
    Double-click EnableSetuidBinaries -> set the value to 0.
Notes:
  •     You need administrator privileges to do this.
  •     You will have to restart the machine for this setting to take effect.
  •     This setting is deprecated in the current release because of its security impact.
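
Added example (not from the original post or from Microsoft): a POSIX shell function, usable from an SUA shell or any UNIX-like system, that inventories the files carrying the setuid or setgid bit, so you can see which programs would take on their owner's or group's identity once EnableSetuidBinaries is set to 1. The function name audit_setid is an assumption, and the parsing assumes owner names, group names and paths without spaces or newlines.

```shell
#!/bin/sh
# Added example: list regular files that carry the setuid or setgid bit.
# Usage:  audit_setid [DIR]      (DIR defaults to /)
# Output: one line per file, in the form  KIND OWNER GROUP PATH
# Assumption: owner names, group names and paths contain no spaces/newlines.
audit_setid() {
    # -xdev keeps find on one file system; -type f skips directories,
    # where the setgid bit has a different meaning.
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r path; do
        # ls -ld gives the mode string, owner and group in fields 1, 3 and 4.
        ls -ld -- "$path" 2>/dev/null | {
            if read -r mode links owner group rest; then
                kind=
                # Character 4 of the mode string is s or S when setuid is set.
                case $mode in
                    ???[sS]*) kind=setuid ;;
                esac
                # Character 7 is s or S when setgid is set.
                case $mode in
                    ??????[sS]*) kind=${kind:+$kind+}setgid ;;
                esac
                printf '%s %s %s %s\n' "$kind" "$owner" "$group" "$path"
            fi
        }
    done
}
```

Review the output before enabling the setting; entries owned by an administrative account are the programs that will run with that account's privileges for any user who can execute them.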
