setuid shell scripts (was: Re: Running processes as root)

Maarten Litmaath maart at cs.vu.nl
Wed Oct 25 18:55:05 AEST 1989


terryl at tekcrl.LABS.TEK.COM writes:
\In article <3803 at solo7.cs.vu.nl> maart at cs.vu.nl (Maarten Litmaath) writes:
\+chris at mimsy.umd.edu (Chris Torek) writes:
\+\In article <20329 at mimsy.umd.edu> (look, domain names now!) I wrote:
\+\>\On all of the BSD derivatives on which setuid scripts run setuid,
\+\>\all such setuid scripts are not secure.
\+\
\+\In article <3789 at solo6.cs.vu.nl> maart at cs.vu.nl (Maarten Litmaath) writes:
\+\>It almost never happens, but this time you seem to be wrong, Chris!
\+\
\+\Not really, because I meant `if you write /etc/foo, make it setuid, start
\+\it with ``#! /bin/csh -bf'', and run it, and it runs setuid, then it is
\+\not secure.'
\+
\+I'm sure this was what you meant, but it wasn't what you said!  (Check again.)
\+All right, you have already posted an article explaining the race condition,
\+but here's another story anyway, which explains how indir(1) can get things
\+right.  Enjoy.
\
\    Not to pick nits, but Chris was *right* *both* times. As you have quoted
\him above, he said "On all of the BSD derivatives on which setuid scripts run
\setuid, all such setuid scripts are not secure."; implicit in this sentence
\is the fact that to get a setuid script to run setuid, one must use the #!
\mechanism. So while Chris did not spell this out explicitly in his
\first posting, he did in his second. But he was still right the first time...

Yeah, one must use the #! mechanism; SO WHAT!?  I never denied that!
And I showed how safe setuid scripts (NOTE: Chris didn't even say *shell*
scripts) could be created.  You want an example?  Right, put the following
in a file /etc/fubar:

	#!/bin/sh /etc/fubar
	echo "Am I right or am I right?"

You're a pretty smart fellow if you can break this one (or you're root).

\PS:
\     Is it time to post another way to breach security with a setuid shell
\script that does NOT depend on the race condition with "unlink"????

Yeah, go right ahead.
-- 
A symbolic link is a POINTER to a file, | Maarten Litmaath @ VU Amsterdam:
 a hard link is the file system's GOTO. | maart at cs.vu.nl, mcsun!botter!maart
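The /etc/fubar trick above relies on how the kernel turns a #! line into an exec of the interpreter. The following script is an added example, not part of the original thread or of any Unix of the time; it builds a naive `#!/bin/sh` script and a self-referencing `#!/bin/sh /abs/path` script in a scratch directory (the paths are constructed, /etc/fubar itself is never touched), invokes both through a symlink, and prints which file the shell actually opened and what argument the kernel appended.

```shell
#!/bin/sh
# Added example, not from the original thread: makes the kernel's #! handling
# visible so the point of "#!/bin/sh /etc/fubar" is clear. All files live in a
# scratch directory constructed here; /etc/fubar itself is never touched.
set -eu

WORK=$(mktemp -d "${TMPDIR:-/tmp}/shebang.XXXXXX")
trap 'rm -rf "$WORK"' EXIT

# Two stand-ins for the setuid script. Each prints the file the shell actually
# opened ($0) and the extra argument the kernel appended ($1, the invoked path).
body='echo "$0"; echo "${1-none}"'

# naive: the kernel execs  /bin/sh <invoked-path>  so sh opens whatever the
# caller's path points to at open() time (the race window from the thread).
printf '#!/bin/sh\n%s\n' "$body" > "$WORK/naive"

# fixed: the kernel execs  /bin/sh /abs/path/fixed <invoked-path>  so sh always
# opens the real script by its absolute name; the caller's path is only $1.
printf '#!/bin/sh %s\n%s\n' "$WORK/fixed" "$body" > "$WORK/fixed"

chmod 755 "$WORK/naive" "$WORK/fixed"

# Invoke each through a symlink, the way the race is set up.
ln -s "$WORK/naive" "$WORK/link_naive"
ln -s "$WORK/fixed" "$WORK/link_fixed"

# script_opened naive|fixed : prints the path sh really read ($0 of the script)
script_opened() { "$WORK/link_$1" | sed -n 1p; }

# kernel_arg naive|fixed : prints the trailing argument the kernel added ($1)
kernel_arg() { "$WORK/link_$1" | sed -n 2p; }

# Demonstration when run directly.
echo "naive: sh opened $(script_opened naive), kernel arg: $(kernel_arg naive)"
echo "fixed: sh opened $(script_opened fixed), kernel arg: $(kernel_arg fixed)"
```

For the naive script the shell reports the symlink as the file it read, which is exactly the path a caller controls between the kernel's exec and the shell's open. For the fixed script the shell reports the absolute path baked into the #! line, and the caller's path only shows up as `$1`. This closes the path-substitution race the thread is about and nothing more: the interpreter still inherits the caller's environment, which is one reason modern kernels ignore the setuid bit on #! scripts altogether.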