Date:      Mon, 24 Feb 1997 10:46:21 -0800
From:      Julian Elischer <julian@whistle.com>
To:        Adrian Chadd <adrian@obiwan.aceonline.com.au>
Cc:        Jake Hamby <jehamby@lightside.com>, hackers@freebsd.org, auditors@freebsd.org
Subject:   Re: disallow setuid root shells?
Message-ID:  <3311E1FD.167EB0E7@whistle.com>
References:  <Pine.BSF.3.95q.960108043026.5974A-100000@obiwan.aceonline.com.au>

Adrian Chadd wrote:
> 
> On Sun, 23 Feb 1997, Jake Hamby wrote:

> > access.  Under Solaris, I've discovered that none of the standard shells
> > will allow a user to gain root privileges through a setuid root shell!
> >
> > The sh and ksh shells will run, but the user will have their normal
> > privileges.  Csh (and interestingly enough tcsh) print "Permission denied"
> > and exit when run with the setuid bit set.
> >
> 
> Since i'm reviewing /bin/sh and /bin/csh, it might make an interesting
> addition. Anyone see any use for +s'ed shells ? Anything it can do, sudo
> can do (and sudo AFAIK is much smaller, so less code to screw around
> with), and I think its a good idea.
> 
> Suggestions ?

Well, the security audit should pick up any new suid files each night,
and if they broke root they're not going to have any problem
writing something simpler, but I guess the question is:

Does it make it more inconvenient for them?
Does it make it more likely that they will slip up?
Does it also make it much more inconvenient for OTHER people? (legit
users)

Personally, it breaks the principle of least surprise..
forces people to develop other methods
and thereby muddies the waters..

It's not a bad idea but I'd vote against it..
(however I MIGHT think about adding LOGGING of such an event? :)
(in the same way that su logs.)
