setuid shell scripts (was: Re: Running processes as root)
Chris Torek
chris at mimsy.umd.edu
Wed Oct 25 02:42:28 AEST 1989
In article <20329 at mimsy.umd.edu> (look, domain names now!) I wrote:
>\On all of the BSD derivatives on which setuid scripts run setuid,
>\all such setuid scripts are not secure.
In article <3789 at solo6.cs.vu.nl> maart at cs.vu.nl (Maarten Litmaath) writes:
>It almost never happens, but this time you seem to be wrong, Chris!
Not really, because I meant `if you write /etc/foo, make it setuid, start
it with ``#! /bin/csh -bf'', and run it, and it runs setuid, then it is
not secure.'
>\You have to write at least one C program.
>Indeed: /bin/indir! (Formerly /bin/setuid.)
I am not going to promise that /bin/indir will do the trick (having
seen too many ways to fool too many shells), but by using /bin/indir
you have met my restriction (`at least one C program'). I should
rephrase it:
	Given the current kernel implementation, a setuid script is
	not secure unless its `setuid-ness' is provided by a separate
	C program that makes additional security checks (and possibly
	still not even then).
--
`They were supposed to be green.'
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain: chris at cs.umd.edu Path: uunet!mimsy!chris
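
A sketch of the kind of "additional security checks" a separate C wrapper can make before running a script. It is an added example, not part of the original post and not the code of /bin/indir. The function names, the root-owner policy, /bin/sh as interpreter, and the availability of O_NOFOLLOW and /dev/fd (a present-day POSIX system) are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open the script once and check the open descriptor, not the path, so
 * the file that was checked is the file that gets run.
 * Returns the descriptor, or -1 if any check fails. */
int open_checked_script(const char *path, uid_t owner)
{
    struct stat st;
    int fd;
    if (path == NULL || path[0] != '/')        /* absolute paths only */
        return -1;
    fd = open(path, O_RDONLY | O_NOFOLLOW);    /* refuse a final symlink */
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||                /* regular file only */
        st.st_uid != owner ||                  /* expected owner */
        (st.st_mode & (S_IWGRP | S_IWOTH))) {  /* not group/world writable */
        close(fd);
        return -1;
    }
    return fd;
}

/* Fixed environment for the interpreter; nothing inherited from the caller. */
static char *const clean_env[] = { "PATH=/bin:/usr/bin", "IFS= \t\n", NULL };

/* Hand the checked descriptor to the interpreter as /dev/fd/N (assumed to
 * exist on this system) so the script is never looked up by name again. */
int run_checked_script(const char *path, uid_t owner)
{
    char fdpath[32];
    int fd = open_checked_script(path, owner);
    if (fd < 0)
        return -1;
    snprintf(fdpath, sizeof fdpath, "/dev/fd/%d", fd);
    execle("/bin/sh", "sh", fdpath, (char *)NULL, clean_env);
    close(fd);
    return -1;                                 /* only reached if exec failed */
}

int main(int argc, char **argv)
{
    /* Hypothetical policy: only scripts owned by root (uid 0) are run. */
    return argc == 2 ? -run_checked_script(argv[1], 0) : 2;
}
```

As the post says, checks like these are necessary but are no promise that the result is secure.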