From: Stephane LAPIE
Date: Fri, 24 Jul 2009 00:55:06 +0200
To: freebsd-hackers@freebsd.org
Subject: Re: SGID/SUID on scripts
Message-ID: <4A68EA4A.8070102@darkbsd.org>
In-Reply-To: <9bbcef730907231111s2ef20e76s5a19a6270b3b5f03@mail.gmail.com>
List-Id: Technical Discussions relating to FreeBSD

Ivan Voras wrote:
> 2009/7/23 :
>> Ivan Voras wrote:
>>> Presumingly, the biggest concern is with scripts owned by root.
>>> Who can unlink, move or change the script? The owner and his
>>> group can change it; the directory owner can unlink it ...
>> Anyone can make a link to such a script in, say, /tmp and then
>> mess with the link :(

Either way, allowing SUID on scripts without proper guarantees that you
actually run what you WANT to run would mean that you can basically
execute "whatever code you are able to slip in there" using someone
else's credentials, even if not root.

You could be able to modify scripts belonging to your own group, while
not being able to execute them with the owner user.

The point is: "ID/credential usurpation", even if not actual meaningful
(on a system-level) "privilege escalation" per se, can be a grave enough
problem, especially in corporate environments.

Therefore any implementation allowing for this behavior should not be
accepted, imho.

-- 
Stephane LAPIE, EPITA SRS, Promo 2005
"Even when they have digital readouts, I can't understand them."
--MegaTokyo
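
An audit for the exposure discussed in this thread, as an added example that is not part of the original message: it lists setuid/setgid scripts under a directory and flags those that group members or others can modify or replace. The function names, finding labels and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

# (mode bit, label) pairs reported for every set-ID script that is found.
CHECKS = [(stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"),
          (stat.S_IWGRP, "group-writable"), (stat.S_IWOTH, "world-writable")]
SETID = stat.S_ISUID | stat.S_ISGID

def is_script(path):
    """True if the file begins with the '#!' interpreter marker."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"#!"
    except OSError:
        return False

def audit_setid_scripts(root):
    """Map each setuid/setgid script under root to a list of findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        dmode = os.lstat(dirpath).st_mode
        # Without the sticky bit, anyone who can write the directory can
        # unlink or replace the entries in it.
        loose_dir = bool(dmode & (stat.S_IWGRP | stat.S_IWOTH)) and not dmode & stat.S_ISVTX
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: symlinks are skipped below
            if not (stat.S_ISREG(mode) and mode & SETID and is_script(path)):
                continue
            findings = [label for bit, label in CHECKS if mode & bit]
            if loose_dir:
                findings.append("replaceable via directory")
            report[path] = findings
    return report

def build_sample_tree():
    """Constructed sample tree: two setuid scripts and one plain script."""
    root = tempfile.mkdtemp()
    samples = {"tight/backup.sh": 0o4755, "loose/deploy.sh": 0o4775, "tight/plain.sh": 0o755}
    for rel, mode in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\nexit 0\n")
        os.chmod(path, mode)  # applied after the write so the set-ID bit is kept
    os.chmod(os.path.join(root, "tight"), 0o755)
    os.chmod(os.path.join(root, "loose"), 0o775)
    return root
```

Calling `audit_setid_scripts(build_sample_tree())` reports both setuid scripts and omits `plain.sh`; only `loose/deploy.sh` carries the writable-file and writable-directory findings.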