From owner-freebsd-questions@FreeBSD.ORG Sat Aug 29 07:17:34 2009
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D0DF0106566C
	for ; Sat, 29 Aug 2009 07:17:34 +0000 (UTC)
	(envelope-from mdc@prgmr.com)
Received: from mail.prgmr.com (mail.prgmr.com [64.62.173.114])
	by mx1.freebsd.org (Postfix) with ESMTP id BE3CE8FC08
	for ; Sat, 29 Aug 2009 07:17:34 +0000 (UTC)
Received: from frylock.local (c-71-202-68-54.hsd1.ca.comcast.net [71.202.68.54])
	by mail.prgmr.com (Postfix) with ESMTP id 6F07968B5B
	for ; Sat, 29 Aug 2009 00:19:29 -0700 (PDT)
Message-ID: <4A98D604.3020303@prgmr.com>
Date: Sat, 29 Aug 2009 00:17:24 -0700
From: Michael David Crawford
Organization: Prgmr.com
User-Agent: Thunderbird 2.0.0.22 (Macintosh/20090605)
MIME-Version: 1.0
CC: freebsd-questions@freebsd.org
References: <87y6p4pbd0.fsf@kobe.laptop> <20090829022431.5841d4de@gumby.homeunix.com> <4A98A8A1.7070305@prgmr.com> <4a98d375.W9fcoTOIN1DqRk/3%perryh@pluto.rain.com>
In-Reply-To: <4a98d375.W9fcoTOIN1DqRk/3%perryh@pluto.rain.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: SUID permission on Bash script
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 29 Aug 2009 07:17:34 -0000

perryh@pluto.rain.com wrote:

> Actually, absent some careful cooperation between the kernel
> and the interpreter to prevent a race condition that can cause
> the interpreter to run (with elevated permissions) a completely
> different script than the one that was marked setuid, setuid
> scripts _are_ insecure in a way that _cannot_ be fixed by any
> degree of care that might be taken in the writing of the script.

Wow. I had no idea.

A while back a coworker asked me to help figure out why he couldn't get his script to run setuid on Linux. Some investigation turned up that the Linux kernel explicitly forbids setuid programs whose first two bytes are # and !. So it disables even setuid scripts that don't use the shell, like Python or Perl scripts.

I came across a page that explained all the different ways setuid scripts could screw up - one would have to be a rocket scientist to avoid all the potential pitfalls.

Mike
-- 
Michael David Crawford
mdc@prgmr.com

prgmr.com - We Don't Assume You Are Stupid.

Xen-Powered Virtual Private Servers: http://prgmr.com/xen
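
An audit that follows from the two points in this thread, as an added example that is not part of the original message: it lists files that carry a setuid or setgid bit and begin with the two bytes # and !, so they can be replaced by something other than a setuid script. The function names has_shebang and find_setid_scripts are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original message): find interpreter scripts
# that have a setuid or setgid bit set.

# has_shebang FILE
# Succeeds if the first two bytes of FILE are '#' '!' (hex 23 21).
# The bytes are compared as hex via od so that binary files containing
# NUL bytes are handled cleanly.
has_shebang() {
    [ "$(head -c 2 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "2321" ]
}

# find_setid_scripts DIR...
# Prints, one per line, every regular file under the given directories
# that is setuid or setgid AND starts with "#!".
# -xdev keeps the walk on the filesystem it started on.
# Limitation: paths containing a newline are not handled.
find_setid_scripts() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        if has_shebang "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# When run directly with directory arguments, audit them.
if [ "$#" -gt 0 ]; then
    find_setid_scripts "$@"
fi
```

Run it as root with the directories to audit as arguments so that unreadable files are not skipped.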