Date: Fri, 24 Jul 2009 00:55:06 +0200
From: Stephane LAPIE <stephane.lapie@darkbsd.org>
To: freebsd-hackers@freebsd.org
Subject: Re: SGID/SUID on scripts
Message-ID: <4A68EA4A.8070102@darkbsd.org>
In-Reply-To: <9bbcef730907231111s2ef20e76s5a19a6270b3b5f03@mail.gmail.com>
References: <19939654343.20090722214221@mail.ru> <4A6795E7.7020700@darkbsd.org> <h4a2br$4mc$1@ger.gmane.org> <4a68a02b.qjV%2BUOvOtUWLEPN1%perryh@pluto.rain.com> <9bbcef730907231111s2ef20e76s5a19a6270b3b5f03@mail.gmail.com>

Ivan Voras wrote:
> 2009/7/23 <perryh@pluto.rain.com>:
>> Ivan Voras <ivoras@freebsd.org> wrote:
>>> Presumingly, the biggest concern is with scripts owned by root.
>>> Who can unlink, move or change the script? The owner and his
>>> group can change it; the directory owner can unlink it ...
>> Anyone can make a link to such a script in, say, /tmp and then
>> mess with the link :(

Either way, allowing SUID on scripts without proper guarantees that you
actually run what you WANT to run would mean that you can basically
execute "whatever code you are able to slip in there" using someone
else's credentials, even if not root.

You could be able to modify scripts belonging to your own group, while
not being able to execute them with the owner user.

The point is: "ID/credential usurpation", even if not actual meaningful
(on a system-level) "privilege escalation" per se, can be a grave enough
problem, especially in corporate environments.

Therefore any implementation allowing for this behavior should not be
accepted, imho.

-- 
Stephane LAPIE, EPITA SRS, Promo 2005
"Even when they have digital readouts, I can't understand them."
--MegaTokyo

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A68EA4A.8070102>
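
An audit for the case raised in the message above (a set-id script that members of its group can edit), as an added example that is not part of the original post. The function names `audit_setid_scripts` and `make_sample_tree` are hypothetical, and the sample tree is constructed for the demonstration.

```shell
#!/bin/sh
# audit_setid_scripts DIR
# Prints "<flags> <path>" for every setuid/setgid file under DIR that is a
# script (starts with "#!"). Flags: setid-script, group-writable, other-writable.
audit_setid_scripts() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec sh -c '
        for f do
            # Scripts start with the two bytes "#!"; skip real binaries.
            magic=$(dd if="$f" bs=2 count=1 2>/dev/null)
            if [ "$magic" != "#!" ]; then continue; fi
            flags=setid-script
            # Group-writable: a group member can change what runs as the owner.
            if [ -n "$(find "$f" -prune -perm -0020)" ]; then
                flags=$flags,group-writable
            fi
            # World-writable: any local user can do the same.
            if [ -n "$(find "$f" -prune -perm -0002)" ]; then
                flags=$flags,other-writable
            fi
            printf "%s %s\n" "$flags" "$f"
        done' sh {} +
}

# Constructed sample tree for trying the audit; prints the directory path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    for n in owner-only group-writable plain; do
        printf '#!/bin/sh\necho hello\n' > "$d/$n.sh"
    done
    chmod 4755 "$d/owner-only.sh"      # setuid script, only the owner can edit
    chmod 4775 "$d/group-writable.sh"  # setuid script, its group can edit it
    chmod 0775 "$d/plain.sh"           # no set-id bit, so it is not reported
    printf '\177ELF' > "$d/binary"     # constructed non-script file
    chmod 4755 "$d/binary"             # setuid but not a script: skipped
    printf '%s\n' "$d"
}

# Usage: sh audit.sh /usr/local   (with no argument nothing is scanned)
if [ "$#" -gt 0 ]; then audit_setid_scripts "$1"; fi
```

Every reported path is a script carrying a set-id bit; the `group-writable` and `other-writable` flags mark the ones whose contents can be changed by someone other than the owner.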
