Date: Thu, 20 Jun 2002 08:00:14 -0700 (PDT)
From: Ceri Davies <setantae@submonkey.net>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/39573: uid 0 check in install.sh in 4.6-disc1.iso can be circumvented
Message-ID: <200206201500.g5KF0E498350@freefall.freebsd.org>
The following reply was made to PR bin/39573; it has been noted by GNATS.

From: Ceri Davies <setantae@submonkey.net>
To: Vasil Dimov <vd@etrade.bg>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: bin/39573: uid 0 check in install.sh in 4.6-disc1.iso can be circumvented
Date: Thu, 20 Jun 2002 15:57:06 +0100

On Thu, Jun 20, 2002 at 07:00:36AM -0700, Vasil Dimov wrote:
> all the scripts named install.sh in the 4.6-disc1.iso
> MD5 (4.6-disc1.iso) = 99666e6f33820af3b060734203202e35
> use the same check to ensure the caller is uid 0:
>
> if [ "`id -u`" != "0" ]; then
>     echo "Sorry, this must be done as root."
>     exit 1
> fi
>
> which can be easily passed by nonuid0 users, probably
> causing "Permission denied" in the following commands.
>
> $ echo "echo 0" > ~/bin/id
> $ chmod 700 ~/bin/id
> $ export PATH=~/bin:$PATH
>
> $ ./bin/install.sh
> You are about to extract the base distribution into / - are you SURE
> you want to do this over your installed system (y/n)? n

If you really want to go to all that trouble to circumvent the id check
then you deserve all you get.

Note that there's nothing to prevent a normal user running the "meat" of
install.sh on their own anyway:

    cat bin.?? | tar --unlink -xpzf - -C ${DESTDIR:-/}

but it won't get them far.

In short, the id check isn't intended as a security measure; it's just a
polite reminder that you're about to waste your time if you aren't
already root.

Ceri

--
you can't see when light's so strong
you can't see when light is gone
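The reply makes the point that the `id -u` test is advisory and that the kernel, not the script, enforces who may write into /. As an added example (not part of the PR, the reply, or FreeBSD's install.sh; function names are hypothetical), the snippet below shows why the quoted check depends on the caller's PATH and how the same check is written so that PATH plays no part:

```sh
#!/bin/sh
# Added example, not from the PR or from FreeBSD's install.sh. It shows why the
# quoted check trusts the caller's PATH and how to write the same check so that
# PATH is not a factor. Function names are hypothetical.

# The check as quoted in the PR: `id` is whatever the caller's PATH resolves first.
uid_via_caller_path() {
    id -u
}

# Same check with PATH pinned to system directories. The body is a subshell
# (parentheses, POSIX sh), so the caller's PATH is left untouched; `hash -r`
# drops any remembered location of `id` from before the reassignment.
uid_pinned() (
    PATH=/bin:/usr/bin:/sbin:/usr/sbin
    export PATH
    hash -r 2>/dev/null
    id -u
)

# Constructed scenario from the PR: a private bin directory holding an `id`
# that always prints 0 is placed first in PATH. Prints both results and
# succeeds only if the pinned check still reports the real uid.
demo_pinned_check_holds() {
    real=$(id -u)                       # real uid, resolved before PATH changes
    fakebin=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho 0\n' > "$fakebin/id"
    chmod 700 "$fakebin/id"
    naive=$(PATH="$fakebin:$PATH"; export PATH; uid_via_caller_path)
    pinned=$(PATH="$fakebin:$PATH"; export PATH; uid_pinned)
    rm -rf "$fakebin"
    echo "real=$real caller-path=$naive pinned=$pinned"
    [ "$pinned" = "$real" ]
}

# Even the pinned check remains advisory: a non-root user who gets past it is
# still refused by the kernel when tar tries to write into /, as the reply says.
```

Run as a normal user, `demo_pinned_check_holds` prints a caller-path result of 0 next to the real uid from the pinned check.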