From owner-freebsd-questions Wed Jun 11 07:47:25 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id HAA27183 for questions-outgoing; Wed, 11 Jun 1997 07:47:25 -0700 (PDT) Received: from horton.iaces.com (root@horton.iaces.com [204.147.87.98]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA27176 for ; Wed, 11 Jun 1997 07:47:23 -0700 (PDT) Received: (from proot@localhost) by horton.iaces.com (8.8.5/8.8.4) id JAA25743; Wed, 11 Jun 1997 09:47:12 -0500 (CDT) From: "Paul T. Root" Message-Id: <199706111447.JAA25743@horton.iaces.com> Subject: Re: Set execution UID on script To: shovey@buffnet.net (Steve Hovey) Date: Wed, 11 Jun 1997 09:47:12 -0500 (CDT) Cc: ellis@kcc.com, freebsd-questions@FreeBSD.ORG In-Reply-To: from Steve Hovey at "Jun 11, 97 09:21:25 am" X-Organization: !nterprise Networking Services - ACES X-Phone: (612) 663-1979 X-Fax: (612) 663-8030 X-Page: (800) SKY-PAGE PIN: 537-7270 X-Address: 200 S. 5th St., Suite 1100 X-Address: Minneapolis, MN 55402 X-Mailer: ELM [version 2.4ME+ PL22 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-questions@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk In a previous message, Steve Hovey said: > > Shell scripts cant be suid for security reasons. They certainly aren't a good idea, but are they disabled? Here's a Setuid perl script that does the trick. You will need to build perl5.004 (as prior versions have a security hole discovered a couple of weeks ago). Enable setuid emulation. Note, I do a little redundant checking of the pid (both the file and ps) to give a better feeling that someone didn't write a fake named that execs a (root) shell on a HUP. #!/usr/local/bin/suidperl require "tainted.pl"; $ENV{'PATH'} = '/usr/bin'; $PIDFILE = "/var/run/named.pid"; open (PID, "<$PIDFILE") || die "Couldn't open $PIDFILE"; $pid = ; chop ($pid); close (PID); # # Get the process id of in.named. # open (PS, "/bin/ps -ax |" ) || die "Couldn't exec ps"; while () { last if ( grep ( /named/, $_ )); } # Untaint the pid. $_ =~ /\s*(\d+)\s.*/; $upid = $1; # Just to be sure die "$pid != $upid" if ($pid != $upid); die "$upid is tainted" if (&tainted ($upid)); # # send the HUP signal to in.named # kill("HUP",$upid); > On Tue, 10 Jun 1997, Joshua J. Ellis wrote: > > > > > I'm missing something on a script I'm attempting to setup for an > > administration group. The script is this: > > > > #!/bin/sh > > kill -hup `cat /var/run/named.hup` > > > > I then do a "chown root:staff rs-named" followed by a "chmod 6750 rs-named". 4750 would be sufficient, you don't need to setgid. > > That gives me an set of permissions like this: > > > > -rwsr-s--- 1 root staff 46 Jun 10 16:56 rs-named > > > > Shouldn't this allow users of the 'staff' group to successfully execute this > > command? When I try to execute it as anyone but root, I get the following > > error: > > > > kill: 230: Operation not permitted > > > > 230 is the PID of named. If it is executing as root, why is kill refusing to > > send a message to the process? > > > > -joshua > > -- > > ****[ S-D-G ]***************************************[-0.8090169943749]*** > > Joshua Ellis, IS Consultant - Omni Resources, Green Bay, WI (800)236-2332 > > ellis@kcc.com http://www.kimberly-clark.com > > joshe@elltech.com http://www.joshua.elltech.com > > > poet-apostate-philosopher-musician-pinhead-hwarang-webmaestro-japh < > > ************************************************************************* > > > > > > > > > -- It is possible to fly without motors, but not without knowledge and skill. -- Wilbur Wright