The Linux Security Journey — SUID (Saved User ID)

In this context SUID stands for “Saved User ID” (and it is different from SUID bit — https://medium.com/@boutnaru/linux-security-suid-bit-d4f553e7d99e). It is used when we have a task (process/thread) execuring with high privilege (such as root, but not limited to that) which needs to do something in an unprivileged manner. Due to the fact, we want to work in a “least privilege” principle (https://www.techtarget.com/searchsecurity/definition/principle-of-least-privilege-POLP), we need to use the high privileges only when it is a must.

Thus, we use the SUID in order to save the EUID (https://medium.com/@boutnaru/the-linux-security-journey-euid-effective-user-id-65f351532b79) and then do the change which causes the task to execute as an unprivileged user. After finishing the operation/s the EUID is taken back from the SUID (https://stackoverflow.com/questions/32455684/difference-between-real-user-id-effective-user-id-and-saved-user-id).

Lastly, we can use the “setresuid” syscall for setting a different value between EUID and SUID (https://man7.org/linux/man-pages/man2/setresuid.2.html) — as shown in the screenshot below. We can see that we can set euid=0 if our suid=0 but we can’t do that if suid!=0.

See you in my next writeup ;-) You can follow me on twitter — @boutnaru (https://twitter.com/boutnaru). Also, you can read my other writeups on medium — https://medium.com/@boutnaru. You can find my free eBooks at https://TheLearningJourneyEbooks.com.