2.5 Task 5: Environment variable and Set-UID Programs

Set-UID is an important security mechanism in Unix operating systems. When a Set-UID program runs, it assumes the owners privileges. For example, if the programs owner is root, then when anyone runs this program, the program gains the roots privileges during its execution. Set-UID allows us to do many interesting things, but it escalates the users privilege when executed, making it quite risky. Although the behaviors of Set-UID programs are decided by their program logic, not by users, users can indeed affect the behaviors via environment variables. To understand how Set-UID programs are affected, let us first figure out whether environment variables are inherited by the Set-UID programs process from the users process.

Step 1.

process.

We are going to write a program that can print out all the environment variables in the current

#include  #include  

extern char **environ; 

void main() {

 int i = 0; while (environ[i] != NULL) { 

 printf("%s ", environ[i]); 

i++; }

}

Step 2. Step 3.

Compile the above program, change its ownership to root, and make it a Set-UID program. In your Bash shell (you need to be in a normal user account, not the root account), use the

export command to set the following environment variables (they may have already exist): PATH

LD LIBRARY PATH

ANY NAME (this is an environment variable defined by you, so pick whatever name you want).

These environment variables are set in the users shell process. Now, run the Set-UID program from Step 2 in your shell. After you type the name of the program in your shell, the shell forks a child process, and uses the child process to run the program. Please check whether all the environment variables you set in the shell process (parent) get into the Set-UID child process. Describe your observation. If there are surprises to you, describe them.