Date: Sat, 29 Aug 2009 00:17:24 -0700 From: Michael David Crawford <mdc@prgmr.com> Cc: freebsd-questions@freebsd.org Subject: Re: SUID permission on Bash script Message-ID: <4A98D604.3020303@prgmr.com> In-Reply-To: <4a98d375.W9fcoTOIN1DqRk/3%perryh@pluto.rain.com> References: <beaf3aa50908280124pbd2c760v8d51eb4ae965dedc@mail.gmail.com> <87y6p4pbd0.fsf@kobe.laptop> <20090829022431.5841d4de@gumby.homeunix.com> <4A98A8A1.7070305@prgmr.com> <4a98d375.W9fcoTOIN1DqRk/3%perryh@pluto.rain.com>
next in thread | previous in thread | raw e-mail | index | archive | help
perryh@pluto.rain.com wrote:
> Actually, absent some careful cooperation between the kernel
> and the interpreter to prevent a race condition that can cause
> the interpreter to run (with elevated permissions) a completely
> different script than the one that was marked setuid, setuid
> scripts _are_ insecure in a way that _cannot_ be fixed by any
> degree of care that might be taken in the writing of the script.
Wow. I had no idea.
A while back a coworker asked me to help figure out why he couldn't get
his script to run setuid on Linux. Some investigation turned up that
the Linux kernel explicitly forbids setuid programs whose first two
bytes are # and !.
So it disables even setuid scripts that don't use the shell, like Python
or Perl scripts.
I came across a page that explained all the different ways setuid
scripts could screw up - one would have to be a rocket scientist to
avoid all the potential pitfalls.
Mike
--
Michael David Crawford
mdc@prgmr.com
prgmr.com - We Don't Assume You Are Stupid.
Xen-Powered Virtual Private Servers: http://prgmr.com/xen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A98D604.3020303>