Date: Wed, 11 Jun 1997 09:47:12 -0500 (CDT) From: "Paul T. Root" <proot@horton.iaces.com> To: shovey@buffnet.net (Steve Hovey) Cc: ellis@kcc.com, freebsd-questions@FreeBSD.ORG Subject: Re: Set execution UID on script Message-ID: <199706111447.JAA25743@horton.iaces.com> In-Reply-To: <Pine.BSI.3.95.970611092114.9324C-100000@buffnet11.buffnet.net> from Steve Hovey at "Jun 11, 97 09:21:25 am"
next in thread | previous in thread | raw e-mail | index | archive | help
In a previous message, Steve Hovey said:
>
> Shell scripts cant be suid for security reasons.
They certainly aren't a good idea, but are they disabled?
Here's a Setuid perl script that does the trick. You will
need to build perl5.004 (as prior versions have a security
hole discovered a couple of weeks ago). Enable setuid emulation.
Note, I do a little redundant checking of the pid (both the
file and ps) to give a better feeling that someone didn't
write a fake named that execs a (root) shell on a HUP.
#!/usr/local/bin/suidperl
require "tainted.pl";
$ENV{'PATH'} = '/usr/bin';
$PIDFILE = "/var/run/named.pid";
open (PID, "<$PIDFILE") || die "Couldn't open $PIDFILE";
$pid = <PID>;
chop ($pid);
close (PID);
#
# Get the process id of in.named.
#
open (PS, "/bin/ps -ax |" ) || die "Couldn't exec ps";
while (<PS>) {
last if ( grep ( /named/, $_ ));
}
# Untaint the pid.
$_ =~ /\s*(\d+)\s.*/;
$upid = $1;
# Just to be sure
die "$pid != $upid" if ($pid != $upid);
die "$upid is tainted" if (&tainted ($upid));
#
# send the HUP signal to in.named
#
kill("HUP",$upid);
> On Tue, 10 Jun 1997, Joshua J. Ellis wrote:
>
> >
> > I'm missing something on a script I'm attempting to setup for an
> > administration group. The script is this:
> >
> > #!/bin/sh
> > kill -hup `cat /var/run/named.hup`
> >
> > I then do a "chown root:staff rs-named" followed by a "chmod 6750 rs-named".
4750 would be sufficient, you don't need to setgid.
> > That gives me an set of permissions like this:
> >
> > -rwsr-s--- 1 root staff 46 Jun 10 16:56 rs-named
> >
> > Shouldn't this allow users of the 'staff' group to successfully execute this
> > command? When I try to execute it as anyone but root, I get the following
> > error:
> >
> > kill: 230: Operation not permitted
> >
> > 230 is the PID of named. If it is executing as root, why is kill refusing to
> > send a message to the process?
> >
> > -joshua
> > --
> > ****[ S-D-G ]***************************************[-0.8090169943749]***
> > Joshua Ellis, IS Consultant - Omni Resources, Green Bay, WI (800)236-2332
> > ellis@kcc.com http://www.kimberly-clark.com
> > joshe@elltech.com http://www.joshua.elltech.com
> > > poet-apostate-philosopher-musician-pinhead-hwarang-webmaestro-japh <
> > *************************************************************************
> >
> >
> >
>
>
>
--
It is possible to fly without motors, but not without knowledge and skill.
-- Wilbur Wright
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199706111447.JAA25743>