I'm a little confused. If I copy zsh into tmp, set the Set-UID bit (chmod u+s), change the user and then run the copied zsh, and then run whoami, I get root. If I do the same thing with bash, after I run bash I get the user I was logged in as beforehand. Is there any reason why they act differently?
CodePudding user response:
This is an intentional feature of bash; to disable it, run bash with the -p option.
In more detail: when you run a setuid binary, the process's effective uid (euid) is set to that of the binary, but its real uid isn't changed. bash detects the difference, and (if the -p option wasn't passed) it resets its euid to the real uid.
From the bash manual:
Invoked with unequal effective and real UID/GIDs
If Bash is started with the effective user (group) id not equal to the real user (group) id, and the -p option is not supplied, no startup files are read, shell functions are not inherited from the environment, the SHELLOPTS, BASHOPTS, CDPATH, and GLOBIGNORE variables, if they appear in the environment, are ignored, and the effective user id is set to the real user id. If the -p option is supplied at invocation, the startup behavior is the same, but the effective user id is not reset.
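As an added illustration of the mechanism the answer describes (this is example code written for this page, not bash's or zsh's source), the C program below does what bash does at startup: it compares the real and effective user/group ids to detect that it was launched from a setuid executable, drops back to the real ids with the same setgid()/setuid() calls bash uses, and then verifies that the drop actually happened. It assumes a POSIX system (written against Linux/glibc); the function names are my own.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Example code (not from bash or zsh): detect and undo a setuid launch
 * the way bash's default startup does. Assumes POSIX (Linux/glibc). */

/* 1 if the process runs with effective ids differing from its real ids,
 * i.e. it was launched from a setuid/setgid executable; 0 otherwise. */
int running_with_elevated_ids(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Reset the effective ids to the real ids, as bash does unless -p is given.
 * Returns 0 when the ids are (now) equal, -1 if a drop failed.
 * Order matters: drop the group while we still hold the privilege needed
 * to change it, then the user. setgid()/setuid() are what bash itself
 * calls; from a root euid they replace real, effective and saved ids, so
 * the drop cannot be undone. (With a non-root euid, setuid() only changes
 * the effective id, which is why hardened code prefers setresuid() where
 * it is available.) */
int drop_to_real_ids(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (!running_with_elevated_ids())
        return 0;              /* nothing to drop */

    if (setgid(rgid) != 0)
        return -1;
    if (setuid(ruid) != 0)
        return -1;

    /* Never trust a privilege drop you have not verified. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    return 0;
}

int main(void)
{
    printf("before: ruid=%u euid=%u rgid=%u egid=%u (elevated=%d)\n",
           (unsigned)getuid(), (unsigned)geteuid(),
           (unsigned)getgid(), (unsigned)getegid(),
           running_with_elevated_ids());

    if (drop_to_real_ids() != 0) {
        fprintf(stderr, "failed to drop privileges\n");
        return 1;
    }

    printf("after:  ruid=%u euid=%u rgid=%u egid=%u (elevated=%d)\n",
           (unsigned)getuid(), (unsigned)geteuid(),
           (unsigned)getgid(), (unsigned)getegid(),
           running_with_elevated_ids());
    return 0;
}
```

Run as an ordinary user it prints equal ids on both lines. Installed with the Set-UID bit, the "before" line shows the mismatch and the "after" line shows it reset, which is exactly the reset a plain bash invocation performs and zsh does not; dropping the group before the user and checking geteuid()/getegid() afterwards are the two details that a privilege-dropping program most often gets wrong.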