Setuid on rcp not working as expected

While pentesting in a lab, came across an rcp binary with setuid bit which looked like a potential privilege escalation vector.

bash-3.1$   ls -l /usr/bin/rcp -rwsr-xr-x 1 root root 18544 May 18  2007 /usr/bin/rcp 

Following the explanation at https://securiteam.com/exploits/6b00l1p0bc/ , I tried the following:

bash-3.1$   /usr/bin/rcp 'bob bobalina;/usr/bin/id;' 127.0.0.1 uid=48(apache) gid=48(apache) groups=48(apache) bash: 127.0.0.1: command not found 

My understanding is that since rcp is setuid as root, any command executed by it must be run as root. Why am I then seeing the output of /usr/bin/id as apache, which is the user I am running as?

I’m not a great Linux guy so if I’m missing something obvious, please let me know.

I’ve also tried the command injection with backticks, got the same result:

bash-3.1$   /usr/bin/rcp ``bob bobalina;/usr/bin/id;`` 127.0.0.1 uid=48(apache) gid=48(apache) groups=48(apache) bash: 127.0.0.1: command not found 

How to create installable app with setuid bit set owned by root

I have inherited a codebase that needs updating, but I don’t have the build scripts that created the final pkg file.

The code needs to access a connected USB device (treated as a drive) to read and write bits to, and so it needs escalated privelidges. Due to the non technical nature of the end users, they need to be able to click on the app, and can’t be expected to run it from the command line with sudo.

The current installer installs to /Applications/myapp.app, with myapp.app/Contents/MacOS/myapp being set to -rwsr-xr-x root:staff permissions. When installed, this app runs just fine without complaint.

I managed to make a similar pkg file using pkgbuild, and it creates a similar folder in /Applications, with the same permissions, newapp.app/Contents/MacOS/newapp -rwsr-xr-x root:staff. But if I try to run the app without sudo, then I get “The application with bundle ID newapp is running setugid(), which is not allowed.”

The mac I have is running macos 10.13.6 The app is python that have been packaged into a binary.

How am I supposed to package this code so it runs as root after it’s been installed?

How to solve this error `sudo: /usr/local/bin/sudo must be owned by uid 0 and have the setuid bit set` without reinstalling ubuntu?

TLDR: I am running Ubuntu 18.04 with i3 and I messed up my permissions. Whenever I run a command with sudo, I get this error message, sudo: /usr/local/bin/sudo must be owned by uid 0 and have the setuid bit set. I am trying to figure out if I need to fully re-install Ubuntu or if this can be fixed in a less drastic way.

What had happened was: I was trying to upgrade my npm version with nvm and the nvm command was not being recognized. I followed this stackoverflow post’s instructions https://stackoverflow.com/questions/21215059/cant-use-nvm-from-root-or-sudo to copy the version of node I had active via nvm into the /usr/local. I ran the below. (Yes, I realize now that I should have investigated this series of commands before running them.)

n=$  (which node); \ n=$  {n%/bin/node}; \ chmod -R 755 $  n/bin/*; \ sudo cp -r $  n/{bin,lib,share} /usr/local 

I then got tons of errors saying chmod: changing permissions of '/usr/bin/*': Operation not permitted

After that I ran sudo nvm install-latest-npm and got the same error as I had before, sudo: nvm: command not found.

Then I tried running another command with sudo, and got the error sudo: /usr/local/bin/sudo must be owned by uid 0 and have the setuid bit set. I now get this error whenever I run anything with sudo.

I think this problem was caused by me running chmod -R 755 $ n/bin/*; \ but I’m confused because the error message said permissions for /usr/bin were not changed.
I have a two-part question: 1) What caused this error? Am I correct that it was caused by the chmod -R command? 2) Can I fix this without completely reinstalling ubuntu? If so, how?

For context, I already read these two questions sudo: /usr/lib/sudo/sudoers.so must be owned by uid 0 and this /usr/bin/sudo must be owned by uid 0 and have the setuid bit set. However, I am not sure if the advice from the first question’s answer applies to this situation, because the error message I receive is not referring specifically to /usr/lib/sudo/sudoers.so.

Thanks for reading!