-rw-r--r-- README.md 43
1 files changed, 43 insertions, 0 deletions
diff --git a/README.md b/README.md
index b3b2331..f406225 100644
--- a/README.md
+++ b/README.md
@@ -955,6 +955,49 @@ Your report should include advice to other people attempting to do the same.
Rootly Powers and Processes
1. Use the find command with the -perm option to locate five setuid files on your system. For each file, explain why the setuid mechanism is necessary for the command to function properly.
+
+ ```bash
+ モ find /usr/bin -perm /u=s,g=s
+ /usr/bin/fusermount-glusterfs
+ /usr/bin/pkexec
+ /usr/bin/locate
+ /usr/bin/at
+ /usr/bin/write
+ /usr/bin/keybase-redirector
+ /usr/bin/su
+ /usr/bin/chsh
+ /usr/bin/chage
+ /usr/bin/newgrp
+ /usr/bin/crontab
+ /usr/bin/sudo
+ /usr/bin/gpasswd
+ /usr/bin/passwd
+ /usr/bin/umount
+ /usr/bin/mount
+ /usr/bin/staprun
+ /usr/bin/fusermount
+ /usr/bin/chfn
+ ```
+
+ `/usr/bin/su` needs the setuid permission so that any user can attempt to run commands commands as another user.
+ In order to verify this attempt, the program needs root privilege to verify credentials and access.
+
+ `/usr/bin/chsh` needs permission to edit the `/etc/passwd` file which is owned by root. Any user on the system
+ should be able to choose what shell they want to use but they do not need to be able to edit the `/etc/passwd` file.
+
+ `/usr/bin/passwd` needs permission to change a users password. Any user on the system
+ should be able to change their own password without requiring root permission to do so.
+
+ `/usr/bin/sudo` needs root privilege to execute a command as another user and very credentials and access.
+ This program can be run by any user to try to escalate their privilege.
+ ```bash
+ モ ls -alh /usr/bin/su
+ -rwsr-xr-x. 1 root 82K Jul 19 04:56 /usr/bin/su*
+ ```
+
+
+
+
2. Enumerate a sequence of commands that let you modify someone’s password entry, and show how you could cover your tracks. Assume you had only sudo power (all commands allowed, but not shells or su).
3. Create two entries for the sudoers configuration file:
a. One entry that allows users Matt, Adam, and Drew to service the printer, to unjam the printer, and to restart printer daemons on the machine printerserver.
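Review bot: The `find /usr/bin -perm /u=s,g=s` command in the added answer matches files with either the setuid or the setgid bit, so the listing can include setgid-only binaries while the exercise asks for setuid files; `-perm -u=s` (or `-perm -4000`) restricts the result to setuid. The exercise also asks for five files and only four are explained (`su`, `chsh`, `passwd`, `sudo`), so one more is needed. The `passwd` paragraph says what the user should be able to do but not why setuid is required; naming the root-owned file it has to write (`/etc/shadow`), the way the `chsh` paragraph names `/etc/passwd`, would answer the question. Smaller points: "commands commands" and "very credentials" (verify) are typos, "a users password" needs an apostrophe, the `ls -alh /usr/bin/su` block sits directly under the `sudo` paragraph with no blank line and would read better under the `su` paragraph, and the four trailing blank `+` lines can be dropped.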