bsh & ksh running setuid
Robert Earl
rearl at gnu.ai.mit.edu
Tue Apr 30 10:35:00 AEST 1991
In article <1991Apr29.200328.5668 at ico.isc.com> rcd at ico.isc.com (Dick Dunn) writes:
| fsfrick at bones.lerc.nasa.gov (David Fricker) writes:
| > FYI: under AIXv3.1 release 3003, bsh & ksh do NOT ignore the
| > setuid bits when running a script...
| ...
| > So, if you want scripts to run setuid and you have release 3003, you
| > may want to save a copy of the bsh & ksh binaries.
|
| 1. I'm not clear on how this is a property of the shells, rather than
| the OS. Seems that the shell isn't going to be able to alter its own uid;
| it needs kernel help at exec() time.
I talked to the original poster because I was unclear as well; we
determined this: The shell finds out if it's running setuid, and if
so, refuses to continue interpreting the script. A noble idea, I
suppose, but it's 1) Too Late and 2) not the shell's place to decide!
| 2. For those who haven't run into this before: Note that setuid shell
| scripts are a security sieve.
Indeed. What's going to stop trusting_sysadmin from writing a faulty
awk or bash script?
Please note that I'm not advocating or questioning disabling setuid
scripts from within the kernel, I'm only saying that putting this
responsibility in the shell is asking for trouble.
--robert
More information about the Comp.unix.aix
mailing list