Date: Mon, 8 Jan 1996 04:35:15 +0800 (WST)
From: Adrian Chadd <adrian@obiwan.aceonline.com.au>
To: Jake Hamby <jehamby@lightside.com>
Cc: hackers@freebsd.org, auditors@freebsd.org
Subject: Re: disallow setuid root shells?
Message-ID: <Pine.BSF.3.95q.960108043026.5974A-100000@obiwan.aceonline.com.au>
In-Reply-To: <199702240549.VAA01306@lightside.com>
On Sun, 23 Feb 1997, Jake Hamby wrote:

> In light of the recent security review, here's something that I've wondered
> about ever since I noticed it. Often, after hacking the root account, a
> malicious user will hide a setuid-root shell as a back door to allow future
> access. Under Solaris, I've discovered that none of the standard shells
> will allow a user to gain root privileges through a setuid root shell!
>
> The sh and ksh shells will run, but the user will have their normal
> privileges. Csh (and interestingly enough tcsh) print "Permission denied"
> and exit when run with the setuid bit set.
>

Since I'm reviewing /bin/sh and /bin/csh, it might make an interesting
addition. Anyone see any use for +s'ed shells? Anything it can do, sudo can
do (and sudo AFAIK is much smaller, so less code to screw around with), and I
think it's a good idea.

Suggestions?

> While we're on the topic, I've always wondered about Perl 5's configure
> messages about "secure setuid scripts". What exactly makes an OS capable of
> hosting "secure" Perl or shell scripts, and what does this have to do with
> the /dev/fd directory (that Perl searches for)?
>

Well, Linux and FreeBSD (from what I've seen) disable set-uid shell scripts by
default - too easy to break through playing with the environment, and stuff
like that. From what I remember, perl has a C wrapper that it runs before
running a setuid shell script that fixes up the environment and other nice
things, then runs the script. By default, if you use the setuid copy of perl
as a script interpreter (#!/usr/bin/sperl) and it detects that the script IS
setuid root, it will run it. If not, it won't run the script as root.

I simply disable it on my systems.

> -- Jake
>

Adrian Chadd
<adrian@psinet.net.au>
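The two behaviours described in the thread (sh/ksh continuing with the user's normal privileges, csh/tcsh printing "Permission denied" and exiting) can be expressed as a startup check like the one below. This is an added example, not code from the message or from any of the shells named; the names `suid_policy`, `running_setid` and `handle_setid` are hypothetical.

```c
/* Added example: startup check a shell could make when it finds itself set-id. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum suid_policy { SUID_DROP, SUID_REFUSE };  /* sh/ksh style vs csh/tcsh style */
enum suid_result { SUID_NOT_SET, SUID_DROPPED, SUID_REFUSED, SUID_ERROR };

/* Pure check: is the process running with borrowed (set-id) credentials? */
int running_setid(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

enum suid_result handle_setid(enum suid_policy policy)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (!running_setid(ruid, geteuid(), rgid, getegid()))
        return SUID_NOT_SET;              /* ordinary invocation, nothing to do */

    if (policy == SUID_REFUSE) {          /* caller is expected to exit */
        fputs("Permission denied\n", stderr);
        return SUID_REFUSED;
    }

    /* Drop the group first: once the effective uid is unprivileged,
     * setgid() would no longer be permitted. With an effective uid of
     * root, setuid() resets the real, effective and saved ids together,
     * so the privilege cannot be regained afterwards. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return SUID_ERROR;

    /* Never continue on an unverified drop. */
    if (geteuid() != ruid || getegid() != rgid)
        return SUID_ERROR;
    return SUID_DROPPED;
}

int main(void)
{
    enum suid_result r = handle_setid(SUID_DROP);
    if (r == SUID_REFUSED || r == SUID_ERROR)
        return 1;
    printf("continuing as uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```
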