From owner-freebsd-questions Mon Apr 15 13:10:32 1996 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id NAA00948 for questions-outgoing; Mon, 15 Apr 1996 13:10:32 -0700 (PDT) Received: from mistery.mcafee.com (jimd@mistery.mcafee.com [192.187.128.69]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id NAA00941 for ; Mon, 15 Apr 1996 13:10:28 -0700 (PDT) Received: (from jimd@localhost) by mistery.mcafee.com (8.6.11/8.6.9) id OAA15411; Mon, 15 Apr 1996 14:30:42 -0700 From: Jim Dennis Message-Id: <199604152130.OAA15411@mistery.mcafee.com> Subject: Re: FreeBSD 2.1 SUID To: andy.smith@reuters.com (Andy Smith) Date: Mon, 15 Apr 1996 14:30:41 -0700 (PDT) Cc: questions@freebsd.org In-Reply-To: <1722091815041996/A16461/REOA2/11A47C891500*@MHS> from "Andy Smith" at Apr 15, 96 06:09:22 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk I can't answer this definitively for FreeBSD but I can say that most modern implementations of Unix (including Linux) specifically ignore the SUID flag on shell scripts. You'll probably want to consider installing sudo or converting the file to perl and running it with sperl (suidperl) or tperl (taintperl). suid shell scripts are considered to be inherently insecure due to numerous way in which they might be spoofed via aliases, environment variable, and custom-built chrooted environments. writing a "wrapper" in c which uses a system() call to run the script -- compiling that and setting the resulting binary SUID is the classic workaround to the problem. However this is also considered to be of dubious value by most security analysts that I've talked to. (Please note: I don't consider myself an expert in security -- I'm simply echoing somethings that I've read. I'd suggest the USAH -- _Unix_System_Administration_Handbook_ by Nemeth, Synder and Seebass, and O'Reilly's _Practical_Unix_Security_ by Garfinkel and Spafford (don't buy that one right now -- the second edition is due out any day now and it should be under the new title: _Practical_Unix_and_Internet_Security_). Jim Dennis, System Administrator, McAfee Associates > > I hope you can help with a small problem that I have using FreeBSD to > implement a > Firewall. > > First off let me just say that I am very impressed with FreeBSD and > have used in to implement a number of large projects, including this > one, in preference to Sun. > > The system is a Pentium PC with IDE HD, IDE SyQuest, Mitsumi CD Rom, > 32Mb RAM. > > It is FreeBSD 2.1, with a recompiled kernel, removing NFS, SCSI etc. > Most of the unused binaries have been removed from the system. > > The problem is I have a C program, that runs as user operator, with > UID 3. I need this user to be able to modify some files in /etc, so I > have a sh script that should run suid root. This script is simply > > #! /bin/sh > # > cp /usr/local/proto/weekly /etc/weekly > cp /usr/local/proto/daily /etc/daily > cp /usr/local/proto/security /etc/security > ... > Plus more of the same > > This script is called on exit from the C program. The sh script is > owned by root.wheel and has permissions -rwsr-----. So that it > 'should' suid to root as it runs, unfortunately this is not the case, > and it runs with uid 3, the operator. > > How can I get this (or any) shell script to run SUID root?? > > Thanks > > Andy > >