Date: Mon, 24 Feb 1997 14:51:34 -0800
From: obrien@NUXI.com (David O'Brien)
To: jehamby@lightside.com (Jake Hamby)
Cc: hackers@freebsd.org, auditors@freebsd.org
Subject: Re: disallow setuid root shells?
Message-ID: <19970224145134.KZ55495@dragon.nuxi.com>
In-Reply-To: <199702242038.MAA00577@lightside.com>; from Jake Hamby on Feb 24, 1997 12:38:23 -0800
References: <199702242038.MAA00577@lightside.com>
Jake Hamby writes:
>
> My sentiments exactly! I would think that if there was a valid reason
> for setuid root shells, then a commercial OS like Solaris would
> probably allow them (since paying customers often would rather have
> functionality than security!).
Solaris *DOES* allow them:
From ``man sh'' on Solaris 2.5:
-p If the -p flag is present, the shell will not set the effective
user and group IDs to the real user and group IDs.
So you just need to invoke a suid0 shell by ``sh -p''. Solaris's ksh
does not have this restriction.
foo:/tmp> ll *sh
-r-sr-xr-x 1 root bin 159796 Oct 25 1995 csh*
-r-sr-xr-x 1 root bin 180856 Oct 25 1995 ksh*
-r-sr-xr-x 1 root root 87012 Oct 25 1995 sh*
foo:/tmp> id
uid=1765(obrien) gid=10(staff)
foo:/tmp> ./sh
$ id
uid=1765(obrien) gid=10(staff)
$ exit
foo:/tmp> ./sh -p
# id
uid=1765(obrien) gid=10(staff) euid=0(root)
# exit
foo:/tmp> ./ksh
# id
uid=1765(obrien) gid=10(staff) euid=0(root)
# exit
foo:/tmp> ./csh
csh: Permission denied
> While of course this will only protect against the lamest of system crackers,
> there really is no compelling reason NOT to do it,
You are changing from what is expected under Unix. Solaris did this with
requiring the ``-p'' option. Before people bothered to RTFM, many
thought they were no longer vulnerable to suid0 sh shells. And then
the truth was found....
--
-- David (obrien@NUXI.com -or- obrien@FreeBSD.org)
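
Added example, not part of the original message: since the session above shows that whether a setuid copy of a shell keeps euid 0 depends on the shell and its flags (sh needs -p, ksh does not), one defensive check is to look for setuid files that are byte-for-byte copies of a known shell, whatever they are named. The function name find_setuid_shells and its output format are hypothetical, and file names containing a newline are not handled.

```sh
#!/bin/sh
# Added example: report set-uid files under a directory tree whose contents
# are identical to a known shell binary, regardless of the file's name.
#
# find_setuid_shells DIR [SHELL...]
#   DIR       directory tree to scan (does not cross filesystem boundaries)
#   SHELL...  reference shell binaries; defaults to the paths in /etc/shells
#
# Output, one line per hit:  <path> uid=<numeric owner> matches=<shell>
# A hit with uid=0 is the "suid0 shell" case discussed in the message.
find_setuid_shells() {
    dir=$1; shift
    if [ "$#" -eq 0 ] && [ -r /etc/shells ]; then
        # /etc/shells holds one absolute path per line; skip comments.
        set -- $(grep '^/' /etc/shells)
    fi
    # -perm -4000 selects regular files with the set-uid bit on.
    find "$dir" -xdev -type f -perm -4000 2>/dev/null |
    while IFS= read -r f; do
        for ref in "$@"; do
            [ -f "$ref" ] || continue
            # Compare contents, not names: a copied shell can be renamed.
            if cmp -s "$f" "$ref"; then
                owner=$(ls -ln "$f" | awk '{print $3}')
                printf '%s uid=%s matches=%s\n' "$f" "$owner" "$ref"
                break
            fi
        done
    done
}

# Run as a script: ./audit.sh /tmp        (file name is illustrative)
if [ "$#" -gt 0 ]; then
    find_setuid_shells "$@"
fi
```

A match only shows that the file is a shell with the set-uid bit on; as the session above shows, what the shell does with that bit differs between sh, ksh and csh.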
