Task $5$: Environment Variable and Set$-$UID Programs

Set$-$UID is an important security mechanism in Unix operating systems. When a Set$-$UID program

runs, it assumes the owner$$s privileges. For example, if the program$$s owner is root, when anyone runs

this program, the program gains the root$$s privileges during its execution. Set$-$UID allows us to do many

interesting things, but since it escalates the user$$s privilege, it is quite risky. Although the behaviors of

Set$-$UID programs are decided by their program logic, not by users, users can indeed affect the behav

iors via environment variables. To understand how Set$-$UID programs are affected, let us first figure out

whether environment variables are inherited by the Set$-$UID program$$s process from the user$$s process.

Step $1.$ Writethe following program that can print out all the environment variables in the current process.

#include

#include

extern char $**$environ;

int main$()$

$\{$

int i $=0$;

while $($environ$[$i$]!=$ NULL$)\{$

printf$("\%$s

$",$ environ$[$i$])$;

i$++$;

$\}$

$\}$

Step $2.$ Compile the above program, change its ownership to root, and make it a Set$-$UID program.

$//$ Assume the program$$s name is foo

$ sudo chown root foo

$ sudo chmod $4755$ foo

$4$

Environment Variable and Set$-$UID Program Lab

CIS $495/595$

Step $3.$ In your shell $($you need to be in a normal user account, not the root account$),$ use the export

command to set the following environment variables $($they may have already exist$)$:

$$ PATH

$$ LD

LIBRARY

$$ ANY

PATH

NAME $($this is an environment variable defined by you, so pick whatever name you want$).$

These environment variables are set in the user$$s shell process. Now, run the Set$-$UID program from

Step $2$ in your shell. After you type the name of the program in your shell, the shell forks a child process,

and uses the child process to run the program. Please check whether all the environment variables you set

in the shell process $($parent$)$ get into the Set$-$UID child process. Describe your observation. If there are

surprises to you, describe them.