SUID (Set User ID) is a Linux special permission that lets an executable run with its owner's privileges rather than the executing user's. When a root-owned binary has SUID set, any user running it temporarily gains root-level access. The post explains how SUID works, how to identify SUID-enabled files using `find / -perm -4000`, how to grant or revoke SUID with chmod, and demonstrates a classic exploitation scenario using older Nmap's interactive mode to spawn a root shell. Both defenders and penetration testers should regularly audit SUID binaries as they represent a common privilege escalation vector.
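An added example (not from the original post) of the audit the summary recommends: it lists SUID files with the same `-perm -4000` test, reports any that are missing from a reviewed baseline, and revokes the bit with `chmod u-s`. The function names and the baseline file format (one path per line, `#` comments allowed) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit SUID files under a directory tree against a reviewed baseline.
# Function names and the baseline format are assumptions, not part of the original post.
# Paths containing newlines are not handled.

# List every regular file with the SUID bit set under $1, sorted, one path per line.
suid_list() {
    # -xdev keeps the scan on one filesystem; errors from unreadable directories are dropped.
    find "$1" -xdev -type f -perm -4000 2>/dev/null | LC_ALL=C sort
}

# Print SUID files under $1 that are NOT listed in the baseline file $2.
# Baseline: one path per line; blank lines and lines starting with # are ignored.
suid_unexpected() {
    scan_root=$1
    baseline=$2
    tmp=$(mktemp) || return 2
    grep -v -e '^[[:space:]]*$' -e '^#' "$baseline" | LC_ALL=C sort -u > "$tmp"
    # comm -23 keeps lines that appear only in the first input (the live scan).
    suid_list "$scan_root" | LC_ALL=C comm -23 - "$tmp"
    rm -f "$tmp"
}

# Revoke SUID from each path read on stdin and report what was changed.
suid_revoke() {
    while IFS= read -r path; do
        chmod u-s -- "$path" && printf 'revoked: %s\n' "$path"
    done
}
```

Run `suid_unexpected / /etc/suid-baseline.txt` (the baseline path here is a placeholder) as root to get full coverage, and review each reported file before piping the list into `suid_revoke`.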