After you have worked for a while with Linux you discover probably
that there is much more to file permissions than just the "rwx" bits.
When you look around in your file system you will see "s" and "t"
$ ls -ld /tmp
drwxrwxrwt 29 root root 36864 Mar 21 19:49 /tmp
$ which passwd
/usr/bin/passwd
$ ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 22984 Jan 6 2007 /usr/bin/passwd
What is this "s" and "t" bit? The vector of permission bits is really
4 * 3 bits long. Yes there are 12 permission bits,not just 9.The first
three bits are special and are frequently zero. And you almost always
learn about the trailing 9 bits first.Some people stop there and never
learn those first three bits.
The forth permission bit is used only when a special mode of a file
needs to be set. It has the value 4 for SUID, 2 for SGID and 1 for the
sticky bit. The other 3 bits have their usual significance.
Here we will discuss about the 3 special attributes other than the
common read/write/execute:
1.Set-User-Id (SUID)
2.Set-Group-Id (SGID)
3.Sticky Bit
Set-User_Id (SUID): Power for a Moment:
By default, when a user executes a file, the process which results in
this execution has the same permissions as those of the user. In fact,
the process inherits his default group and user identification.
If you set the SUID attribute on an executable file, the process res-
ulting in its execution doesn't use the user's identification but the
user identification of the file owner.
The SUID mechanism,invented by Dennis Ritchie,is a potential security
hazard. It lets a user acquire hidden powers by running such a file
owned by root.
$ ls -l /etc/passwd /etc/shadow /usr/bin/passwd
-rw-r--r-- 1 root root 2232 Mar 15 00:26 /etc/passwd
-r-------- 1 root root 1447 Mar 19 19:01 /etc/shadow
The listing shows that passwd is readable by all, but shadow is unre-
adable by group and others. When a user running the program belongs to
one of these two categories (probably, others), so access fails in the
read test on shadow. suppose normal user wants to change his password,
How can he do that? He can do that by running /usr/bin/passwd. Many
UNIX/Linux programs have a special permission mode that lets users
update sensitive system files –like /etc/shadow --something they can't
do directly with an editor. This is true of the passwd program.
$ ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 22984 Jan 6 2007 /usr/bin/passwd
The s letter in the user category of the permission field represents a
special mode known as the set-user-id (SUID). This mode lets a process
have the privileges of the owner of the file during the instance of
the program. Thus when a non privileged user executes passwd, the eff-
ective UID of the process is not the user's, but of root's – the owner
of the program. This SUID privilege is then used by passwd to edit
/etc/shadow.
What is effective user-id:
Every process really has two user IDs: the effective user ID and the
real user ID. (Of course, there's also an effective group ID and real
group ID.Just about everything that's true about user IDs is also true
about group IDs) Most of the time,the kernel checks only the effective
user ID. For example, if a process tries to open a file, the kernel
checks the effective user ID when deciding whether to let the process
access the file.
Save the following script under the name reids.pl and make it
executable (chmod 755 reids.pl).
#!/usr/bin/perl
# print real UID
print "Real UID: $<\n";
# print real GID
print "Real GID: $(\n";
# print effective UID
print "Effective UID: $>\n";
# print effective GID
print "Effective GID: $)\n";
check file permissions:
$ ls -l reids.pl
-rwxr-xr-x 1 venu venu 203 Mar 24 10:40 reids.pl
Note: For security reasons the s-bit works only when used on binaries
(compiled code) and not on scripts (an exception are perl scripts).
Scripts,i.e. programs that cannot be executed by the kernel directory
but need an interpreter such as the Bourne shell or Java,can have
their setuid bit set, but it doesn't have any effect. There are some
platforms that honor the s bits even on scripts ( some System V vari-
ants, for example), but most systems don't because it has proven such
a security headache - most interpreters simply aren't written with
much security in mind. Set the SUID bit on shell script is useless,
that's why I am using perl script here.
When you run the script you will see that the process that runs it
gets your user-ID and your group-ID:
$ ./reids.pl
Real UID: 500
Real GID: 500 500
Effective UID: 500
Effective GID: 500 500
Note: If you get an error like this:
Can't do setuid (cannot exec sperl)
In Debian install perl-suid using following command:
apt-get install perl-suid
In Centos install perl-suidperl using following command:
yum install perl-suidperl
Now change owner ship to another user (Do it as an administrator).
# chown king /home/venu/reids.pl
# ls -l /home/venu/reids.pl
-rwxr-xr-x 1 king venu 203 Mar 24 10:40 /home/venu/reids.pl
Now run the script again.
$ ./reids.pl
Real UID: 500
Real GID: 500 500
Effective UID: 500
Effective GID: 500 500
What you observed, the output of the program depends only on the user
that runs it and not the one who owns the file.
How to assign SUID permission:
The SUID for any file can be set (mostly by the superuser) with a
special syntax of the chmod command. This syntax uses the character s
as the permission. Now add SUID permission to the script reids.pl :
# chmod u+s /home/venu/reids.pl (Do it from root account)
Now return from the super user mode to the usual non privileged mode.
$ ls -l reids.pl
-rwsr-xr-x 1 king venu 203 Mar 24 10:40 reids.pl
To assign SUID in an absolute manner, simply prefix 4 to whatever
octal string you would otherwise use (like 4755 instead of 755).
The file reids.pl is owned by king and has the s-bit set where norma-
lly the x is for the owner of the file. This causes the file to be
executed under the user-ID of the user that owns the file rather than
the user that executes the file. If venu runs the program then this
looks as follows:
$ perl reids.pl
Real UID: 500
Real GID: 500 500
Effective UID: 503
Effective GID: 500 500
Effective user id of process is 503, this is not the venu's , but of
king's - the owner of the program. As you can see this is a very powe-
rful feature especially if root owns the file with s-bit set. Any user
can then do things that normally only root can do.
Caution: When you write a SUID program then you must make sure that
it can only be used for the purpose that you intended it to be used.
As administrator, you must keep track of all SUID programs owned by
root that a user may try to create or copy. The find command easily
locate them:
# find /home -perm -4000 -print | mail root
The extra octal bit (4) signifies the SUID mode, but find treats the
"–" before 4000 as representing any other permissions.
Set-Group_Id (SGID):
The set-group-id (SGID) is similar to SUID except that a program with
SGID set allows the user to have the same power as the group which
owns the program. The SGID bit is 2,and some typical examples could be
chmod g+s reids.pl or chmod 2755 reids.pl.
You can remove SGID bit using following commands:
$ chmod g-s reids.pl
$ chmod 755 reids.pl (Absolute manner)
It is really useful in case you have a real multi-user setup where
users access each others files. As a single homeuser I haven't really
found a lot of use for SGID. But the basic concept is the same as the
SUID,Similar to SUID, SGID also grants privileges and access rights to
the process running the command, but instead of receiving those of the
file's owner it receives those of the file's group. In other words,the
process group owner will be set to the file's group.
I explain it with an example. I have created two user accounts king
and venu with same home directory project. king belongs to king and
development groups, venu belongs to venu and development groups.
# groups king venu
king : king development
venu : venu development
venu's default group is venu and king's default group is king.
Login as king and create reids.pl file again and make it executable
(using chmod 755 reids.pl) .
$ id
uid=503(king) gid=503(king) groups=501(development),503(king)
$ ls -l reids.pl
-rwxr-xr-x 1 king development 203 Mar 25 19:00 reids.pl
Now login as venu and run the program:
$ id
uid=501(venu) gid=504(venu) groups=501(development),504(venu)
$ perl reids.pl
Real UID: 501
Real GID: 504 504 501
Effective UID: 501
Effective GID: 504 504 501
The effective GID of the process is the venu's,but not of the king's
-the owner of the program.
Now login as king and assign SGID bit to reids.pl program:
$ chmod 2755 reids.pl; ls -l reids.pl
-rwxr-sr-x 1 king development 203 Mar 25 19:00 reids.pl
Now login as venu and run the reids.pl program:
$ perl reids.pl
Real UID: 501
Real GID: 504 504 501
Effective UID: 501
Effective GID: 501 504 501
Real GID and Effective GID are different,here Effective GID is the
king's - the owner of the program.
Set SGID on a directory:
When SGID is set on a directory it has a special meaning. Files crea-
ted in a directory with SGID set will inherit the same group ownership
as the directory itself,not the group of the user who created the file.
If the SGID is not set the file's group ownership corresponds to the
user's default group.
In order to set the SGID on a directory or to remove it, use the
following commands:
$ chmod g+s directory or $ chmod 2755 directory
$ chmod g-s directory or $ chmod 755 directory
As I mentioned earlier venu and king's home directory is same that is
/home/project. I changed group ownership of /home/project directory
to development.
# ls -ld /home/project/
drwxrwxr-x 16 root development 4096 Mar 26 00:22 /home/project/
Now login as king and create a temp file.
$ whoami
king
$ pwd
/home/project/
$ touch temp; ls -l temp
-rw-r--r-- 1 king king 0 Mar 26 12:34 temp
You can see from the ls output that the group owner for project is
development, and that the SGID bit has not been set on the directory
yet. When king creates a file in project, the group for the file is
king (king's primary gid).
Set SGID bit on project directory. For that login as administrator
and set SGID bit using following command:
# chmod g+s /home/project/
# ls -ld /home/project/
drwxrwsr-x 15 root development 4096 Mar 26 12:34 /home/project/
From the ls output above, you know the SGID bit is set because of the
s in the third position of the group permission set,which replaces the
x in the group permissions.
Now login as king and create temp2 file.
$ whoami
king
$ touch temp2; ls -l temp2
-rw-r--r-- 1 king development 0 Mar 26 13:49 temp2
Notice the group ownership for temp2 file. It inherits group permiss-
ion from the parent directory.
Enabling SGID on a directory is extremely useful when you have a
group of users with different primary groups working on the same set
of files.
For system security reasons it is not a good idea to set many
program's set user or group ID bits any more than necessary,since this
can allow an unauthorized user privileges in sensitive system areas.If
the program has a flaw that allows the user to break out of the inten-
ded use of the program, then the system can be compromised.
Sticky bit:
The sticky bit(also called the saved text bit) is the last permission
bit remaining to be discussed. It applies to both regular files and
directories. When applied to a regular file, it ensures that the text
image of a program with the bit set is permanently kept in the swap
area so that it can be reloaded quickly when the program's turn to use
the CPU arrives. Previously, it made sense to have this bit set for
programs like vi and emacs. Today,machines with ultra-fast disk drives
and lots of cheap memory don't need this bit for ordinary files and
that is also useless.
However, the sticky bit become a useful security feature when used
with a directory. The UNIX/Linux system allows users to create files
in /tmp, but none can delete files not owned by him. That's possible
because sticky bit set for /tmp directory.
The /tmp directory is typically world-writable and looks like this
in a listing:
# ls -ld /tmp
drwxrwxrwt 32 root root 36864 Mar 27 12:38 /tmp
Everyone can read,write and access the directory.The t indicates that
only the user (root and owner of the directory,of course) that created
a file in this directory can delete that file.
In order to set or to remove the sticky bit, use the following
commands:
$ chmod +t directory or $ chmod 1754 directory
$ chmod -t directory or $ chmod 754 directory
Note: 754 permissions for a directory are powerful enough to guard
your directories from intruders with malicious intentions, that's why
I used 754 as default,if yow want you can change it.
Example:
I logged in as king and created a temp file.
$ whoami
king
$ pwd
/home/project/
$ touch temp; ls -l
-rw-r--r-- 1 king king 0 Mar 27 13:44 temp
Now logged in as venu and try to delete temp file.
$ whoami
venu
$ rm temp
rm: remove write-protected regular empty file `temp'? Y
$ ls temp
ls: temp: No such file or directory
So what happened? venu deleted file owned by king.
Assign sticky bit to the project directory.As a owner of the directory
or administrator.
# chmod +t /home/project
# ls -ld /home/project/
drwxrwxr-t 15 root development 4096 Mar 27 13:46 /home/project/
From the ls output above, you know the sticky bit is set because of
the t in the third position of the other permission set,which replaces
the x in the other permissions.
Now repeat same steps again,then you get the following message:
$ whoami
venu
$ ls -l temp
-rw-r--r-- 1 king king 0 Mar 27 17:36 temp
$ rm temp
rm: remove write-protected regular empty file `temp'? y
rm: cannot remove `temp': Operation not permitted
Observation: Login as normal user and create a file.
[venu@localhost ~]$ touch sample
[venu@localhost ~]$ ls -l sample
-rw-rw-r-- 1 venu venu 0 Dec 21 03:41 sample
Now change permissions to 644
[venu@localhost ~]$ chmod 644 sample
[venu@localhost ~]$ ls -l sample
-rw-r--r-- 1 venu venu 0 Dec 21 03:41 sample
Now assign SUID permission.
[venu@localhost ~]$ chmod u+s sample
[venu@localhost ~]$ ls -l sample
-rwSr--r-- 1 venu venu 0 Dec 21 03:41 sample
After setting SUID, if you see 'S' then it means that the file has no
executable permissions for that user.
Now remove SUID permission and change permissions to 744. Then assign
SUID permission. You should see a smaller 's' in the executable permi-
ssion position.
[venu@localhost ~]$ chmod u-s sample
[venu@localhost ~]$ chmod 744 sample
[venu@localhost ~]$ chmod u+s sample
[venu@localhost ~]$ ls -l sample
-rwsr--r-- 1 venu venu 0 Dec 21 03:41 sample
Same is applicable for SGID and Stickybit.
Saturday, March 27, 2010
Posted by venu k
84 comments | 10:51 AM
Subscribe to:
Post Comments (Atom)
Perfect explanation! thanks a lot!
ReplyDeleteNice explanation, clears all my doubts, thanks a lot !!!!!!!!!
ReplyDeleteFrom the ls output above, you know the sticky bit is set because of the s in the third position of the other permission set,which replaces
ReplyDeletethe x in the other permissions.
I think you meant 'because of the t in the third position of the other permission set'
Thank you, I modified it.
ReplyDeleteThank you a lot buddy for perfect explanation
ReplyDeletethanks buddy, its amazing informaton please keep it up
ReplyDeleteThe info is amazing!!!!
ReplyDeleteGood explanation. Thank u
ReplyDeletePlease, make some explanation, why Real GID or Effective GID show 3 numbers, e.g. 504 504 501, and which is which from these numbers, since it is uncelar from tht text.
ReplyDeleteThanks!
Following the example above, what is the purpose of assigning GID to reids.pl under king account, when permissions for others are the same as for the file owner's group? I mean, if you run the reids.pl under venu without the GID set, you will have the same permissions as when inheriting them from group's permissions, when the GID is set, don't you? Please, correct me, if I'm wrong.
ReplyDeleteThx.
I don't think the sticky bit info is relevant.
ReplyDeletedrw-r-xr-x 2 ivo ivo 1 2011-01-12 18:53 test
$ whoami
mitko
$
$ rm -R test
rm: remove write-protected directory `test'? Y
rm: remove write-protected directory `test'? Y
rm: cannot remove directory `test': Permission denied
You must have rwx permission ( to parent and all recursive if any) to remove a non-empty directory.
ReplyDeletethanks for great explanation....
ReplyDeleteThe best article about the matter I have ever read. Thank you very much!
ReplyDeleteThis is really an amazing article, I have been struggling with this concept but after reading this post I have gained lot of knowledge. you have indeed covered the topic well and with examples. great job and keep it up.
ReplyDeleteJavin
Secrets of symbolic link or symlink in Unix
Very good explanation, finally an understandable one.
ReplyDeleteCongratulations!!
nice explanation..
ReplyDeleteThanks
Thanks a lot..You explained it in a perfect manner. I appreciate it..Keep doing the good work.:-)
ReplyDeleteThank you very much. It clears all my doubts and saves my time also.
ReplyDeleteThank you very much!! Really clear and complete!
ReplyDeleteThank you very much. Your way of explanation
ReplyDeleteis very good. It clears all my boubts. You posted
observation block, I didn't observed until I read this article.
I have many doubts about sticky bit, all are cleared here.
ReplyDeleteThank you very much for your way of explanation and effort.
Thank you very much!! good explanation.
ReplyDeleteExcellent Article. Thanks.
ReplyDeletevery good explanation, I am learning more here about bash.
ReplyDeleteThank you for sharing your knowledge.
Excellent blog, I am following your blog now
ReplyDeleteExcellent way of explanation.
ReplyDeleteThank you.
Good article. It clears some of my doubts.
ReplyDeleteThank you.
Thanks, I learned a lot from this article.
ReplyDeleteNow I'm follower of your blog.
good article..thanks
ReplyDeleteIt clears all my doubt on this topic. Thank you!
ReplyDeletevery nicely explained... Thank You!
ReplyDeleteAs a long time security professional, I still little value in the "sticky bit" other than it sounds good.
ReplyDeleteThe reality is that a user can simply "cat /dev/nul > filename" and you've esentially erased it anyway. You didn't actuall "delete" the file, but it's gone none the less.
Before "Set SGID on a directory", why effective GID is 501 504 501?
ReplyDeleteIt could be 503, the default king's group...
Nice information. Thanks. www.oracle-admin.blogspot.com
ReplyDeleteHello there,
ReplyDeleteI am trying to execute this script but I don´t know if I am doing something wrong, because my effective UID is always from the user that executes the script and not the UID from the owner...See below...
Someone can give me a tip about where is my mistake on it???
---------------------------------------------------------------
aluno:~$ ls -l suid.pl
-rwsr-xr-x 1 meualuno aluno 200 Set 10 16:53 suid.pl
aluno:~$
aluno:~$ id meualuno
uid=1001(meualuno) gid=1002(meualuno) grupos=1002(meualuno),1011(curso_linux)
aluno:~$
aluno:~$ id aluno
uid=1005(aluno) gid=1009(aluno) grupos=1009(aluno),1012(alunos-dltec)
aluno:~$
aluno:~$ whoami
aluno
aluno:~$ perl suid.pl
Real UID: 1005
Real GID: 1009 1009 1012
Effective UID: 1005
Effective GID: 1009 1009 1012
aluno:~$
brilliant explanation with perfect examples.. thanks.. it cleared all my doubts regarding the topics
ReplyDeletecool...explained the concept
ReplyDeletein simple SUID means , when SUID is applied on a file , the file is executing by all users but file thinks that the file is executing by the owner.
ReplyDeleteSGID- When SGID is applied on a directory , to inherits the group ownership to the consecutive files and directories.
Stickybit- When stickybit is applied on a directory to protect the consecutive files and directories getting deleted from others even though they have full traditional file permissions.
This really a great article, Please keep doing such a fine work.
ReplyDeleteThank you very much, it saved my lot of time.
David
QuickBooks Hosting
Thanks, I learned a lot from this article. Please also discuss about firewall and security.
ReplyDeleteNow I'm follower of your blog to get update.
Thanks,
Dav
QuickBooks Hosting
very nice explained...
ReplyDeletei googled my doubts related to effective uid , sticky bit but finally got answer here...
Perfect explanation and examples !! Thank you
ReplyDeleteerudition...
ReplyDeleteGreat Work. Cheers ! Great explanation, though little confusing at a point or two but easy understandable with good examples. Keep up. Thanks a lot.
ReplyDeleteIt was very nice article and it is very useful to Linux learners.We also provide Linux online training
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteI read your article. it was very nice
ReplyDeleteQuickbooks Hostiing
Nice and Excellent topic. It clears all doubt on this topic. Thank you!
ReplyDeleteLacerte Hosting
I learn many specific information in this article ad now i easily solve my problem thanks for sharing personal statement midwifery examples .
ReplyDeleteJava Training in Chennai
ReplyDeleteOnline MVC Training India | Angularjs Training | javase j2ee javaee interview questions | Java Training in Chennai |
Java Training in CHennai
highlight the difference between S and s. missing in your article.
ReplyDeleteThank you
ReplyDelete
ReplyDeleteThanks for your marvelous posting! I quite enjoyed reading it, you happen to be a great author. I will remember to bookmark your blog and will eventually come back very soon. Go to best social plan for get more related topic. Have a nice evening!
Situs BandarQ, Poker, Domino 99 Online Terpercaya - Situs Judi Bola Online Terbesar dan Terpercaya Indonesia
Thanks for sharing your info. I really appreciate your efforts and I will be waiting for your further write.
ReplyDeleteThanks for sharing !
great post
ReplyDeletegood site and post
ReplyDeletegood and nice post thank you
ReplyDeletePoker Online Indonesia
thanks for sharing great information with us. meet and fuck
ReplyDelete
ReplyDeletejasa seo
jasa seo indonesia
jasa seo terpercaya
seo indonesia
jasa seo web judi
jasa buat website
jasa pembuatan website
Sbobet
Agen Sbobet
Agen IBcbet
agen MAXBET
Live Casino
bandar bola
judi bola
judi online
taruhan bola
domino online
agen bola
agen sbobet terpercaya
agen poker
poker online
agen poker terbaik
agen poker terpercaya
poker uang asli
situs poker
agen judi
poker online
dewapoker
agen poker terpercaya
dominoqq
capsa susun
agen judi poker
agen poker
agen judi terpercaya
agen sbobet terpercaya
agen bola,
judi bola,
BANDAR bola ONLINE terpercaya
BANDAR bola ONLINE terpercaya
agen sbobet terpercaya
judi online,
agen judi, bola online,
agen casino indonesia
ReplyDeleteagen judi sbobet
agen sbobet indonesia
agen sbo
agen sbobet terpercaya
agen sbobet
agen sbo terpercaya
agen judi terpercaya
sbosports
agent sbobet
agen sbobet indonesia
bandar judi terpercaya
agen judi bola terpercaya
agen judi ibcbet
sbobet indonesia
agen bola online
bandar judi bola
master agen betting online
bandar bola sbobet terpercaya
judi online
BANDARQ
Agen Poker
situs poker
poker online
Judi Poker Online
situs poker online terpercaya
Poker Online Terpercaya
poker uang asli
Domino QQ
Domino Poker
Capsa Online
QQ Online
Ceme Online
Blackjack Online
Poker Online Indonesia
Agen poker online
poker online asli
agen poker terbaik
agen poker terpercaya
situs poker uang asli
agen bola terpercaya
pasang bola
judi bola online
agen bola terpercaya
agen bola online terpercaya
prediksi bola online
jadwal bola online
judi bola online
Agen bola
Judi Online
Agen Bola Online
casino online terbaik
casino online
judi online
agen casino online
judi live casino
http://www.jalatoto.com/
ReplyDeletehttp://www.grouptoto.com/
http://www.totoarena.net/
http://jalatogel.com/
http://www.datapaitosgp.live/
http://indo-porn.com/
http://tvfilmbokep.com/
http://www.pokerarena88.com/register.php
http://www.mari-sehat.com/
http://www.pvndaweb.com/
I’ll be sure to bookmark it and return to read more of your useful info.
ReplyDeleteThank you Information that you convey is very useful, waiting for the next update friend, Greetings Success :)
ReplyDeleteAmazing content of this article inspiring many thanks
ReplyDeleteNonton Movie
It’s really a great and useful piece of information. I’m glad that you just shared this helpful information with us.
ReplyDeletePlease stay us informed like this. Thanks for sharing. ??
SBOBET
Maxbet
Agen Bola
Agen Bola Terpercaya
Poker Online Indonesia Terpercaya
Poker Online Indonesia
Agen Poker Online
Poker Online
DellPoker
DellPoker
This Information is very nice, I like this website
ReplyDeleteCara Daftar Sbobet Di Bandar Judi
Nice, Great website Thanks For Sharing
ReplyDeleteI like and very happy to read this article and I also like your blog very good
ReplyDeletetogel online
Excellent Post, thanks for sharing.
ReplyDeleteprofile pics
jadid
celebrexcheapestpricebuy
ReplyDeletejapanesefans
bestsexy
grosir-obat
icoivegas2013
memomatique
agenpialadunia
caradaftarsbobet
great information ,, glad to see this , very good
ReplyDeleteAgen Bola
Judi Bola
Live Casino
Agen Sbobet
Sbobet Online
Daftar Sbobet
Sbobet Casino
Casino Online
Joker123
Joker Gaming
Hi mate, do u know about dedicated server? i need this information.. because i have managed 100 blogs and this examples of my blogs..
ReplyDeletehttp://pasukanjudiqq288.com/
http://pokeronlineqqmansion.com/
http://pasukanjudiqq101.net/
http://judicasinoqq724.net/
http://agensportsbookqqmansion.com
I believe there are many more pleasurable opportunities ahead for individuals that looked at your site...
ReplyDeleteEmbedded System training in Chennai | Embedded system training institute in chennai | PLC Training institute in chennai | IEEE final year projects in chennai | VLSI training institute in chennai
Good jobs
ReplyDeletePREDIKSI TOGEL
NONTON MOVIE ONLINE
CERITA DEWASA
FILM BOKEP
DAFTAR LAPAKQQ
DominoQQ
LAPAKQQ
AGEN BOLA
togel singapura
ReplyDeletejudi online
bagas31
dunia21
ReplyDeletesitus judi online
this is really impressive i hope i see more from this post
I would appreciate to your form of sharing information. I look forward to many informative post.
ReplyDeletehttp://juvenas.com/
Thank you. This looks like it's going to be helpful as I plan my book launch
ReplyDeletehttp://torrentinfotech.com
Situs QQ
ReplyDeleteQQ Online
BandarQ Online
Agen BandarQ
Poker Online Terpercaya
poker terpercaya
ReplyDeletepoker online
judi bola
ReplyDeleteprediksi bola
thanks gan
ReplyDeletenonton movie
mantap gan
ReplyDeleteNonton Film Online