== Security ==
Developers design and implement programs that use this bit on executables carefully in order to avoid security vulnerabilities, including [[buffer overrun]]s and [[path injection]]. A successful buffer-overrun attack on a vulnerable application allows the attacker to execute arbitrary code with the rights of the exploited process. If the vulnerable process uses the <code>setuid</code> bit to run as <code>root</code>, the code executes with root privileges, in effect giving the attacker root access to the system on which the vulnerable process is running.

Of particular importance in the case of a <code>setuid</code> process is the [[Environment (computing)|environment]] of the process. If a privileged process does not properly sanitize its environment, its behavior can be changed by the unprivileged process that started it.<ref>{{cite web |title=Ghosts of Unix past, part 4: High-maintenance designs |url=https://lwn.net/Articles/416494/ |first=Neil |last=Brown |date=November 23, 2010 |website=LWN.net |accessdate=30 March 2014}}</ref> For example, [[GNU libc]] was at one point vulnerable to an [[security exploit|exploit]] using <code>setuid</code> and an environment variable that allowed executing code from untrusted [[shared libraries]].<ref>{{cite web |title=Two glibc vulnerabilities |url=https://lwn.net/Articles/412048/ |first=Jake |last=Edge |date=October 27, 2010 |website=LWN.net |accessdate=30 March 2014}}</ref>
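The environment sanitization described above, shown as an added example that is not part of the original article or of any project it cites: a privileged program builds a fresh environment for the program it executes instead of forwarding the one inherited from its unprivileged caller. The fixed <code>PATH</code>, the allowlist, the value filter and all function names are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy: a fixed PATH plus a short allowlist copied from the caller. */
static const char SAFE_PATH[] = "/usr/bin:/bin";
static const char *const ALLOW[] = { "TERM", "LANG", "LC_ALL" };
enum { N_ALLOW = sizeof ALLOW / sizeof ALLOW[0] };

/* Value of `name` in a NULL-terminated "NAME=value" array, or NULL if absent. */
static const char *env_lookup(char *const env[], const char *name) {
    size_t n = strlen(name);
    for (; env && *env; env++)
        if (strncmp(*env, name, n) == 0 && (*env)[n] == '=')
            return *env + n + 1;
    return NULL;
}

/* Accept only short values made of [A-Za-z0-9._@-]: no paths, no whitespace. */
static int value_ok(const char *v) {
    size_t len = strlen(v);
    return len > 0 && len <= 64 &&
           strspn(v, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
                     "0123456789._@-") == len;
}

static char *kv(const char *name, const char *value) {
    size_t n = strlen(name) + strlen(value) + 2;      /* '=' and NUL */
    char *s = malloc(n);
    if (s) snprintf(s, n, "%s=%s", name, value);
    return s;
}

void free_env(char **env) {
    for (char **p = env; p && *p; p++) free(*p);
    free(env);
}

/* Build the array to hand to execve(); returns NULL on failure (fail closed). */
char **build_clean_env(char *const inherited[]) {
    size_t k = 0;
    char **out = calloc(N_ALLOW + 2, sizeof *out);    /* PATH + allowlist + NULL */
    if (!out || !(out[k++] = kv("PATH", SAFE_PATH))) { free_env(out); return NULL; }
    for (size_t i = 0; i < N_ALLOW; i++) {
        const char *v = env_lookup(inherited, ALLOW[i]);
        if (!v || !value_ok(v)) continue;             /* unlisted or odd: dropped */
        if (!(out[k++] = kv(ALLOW[i], v))) { free_env(out); return NULL; }
    }
    return out;                                       /* calloc left out[k] NULL */
}
```

Because the result is built from an allowlist rather than by deleting known-dangerous names, a loader or library variable that the program's author never heard of is dropped as well.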