Date: Wed, 11 Jun 1997 12:27:43 -0400 (EDT) From: Steve Hovey <shovey@buffnet.net> To: "Paul T. Root" <proot@horton.iaces.com> Cc: ellis@kcc.com, freebsd-questions@FreeBSD.ORG Subject: Re: Set execution UID on script Message-ID: <Pine.BSI.3.95.970611122715.12201F-100000@buffnet11.buffnet.net> In-Reply-To: <199706111447.JAA25743@horton.iaces.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Im pretty sure - if you want a script to run suid, you need to wrap a
program around it that runs suid and then calls it - I think thats why
majordomo has a program called 'wrapper'
On Wed, 11 Jun 1997, Paul T. Root wrote:
> In a previous message, Steve Hovey said:
> >
> > Shell scripts cant be suid for security reasons.
>
> They certainly aren't a good idea, but are they disabled?
>
> Here's a Setuid perl script that does the trick. You will
> need to build perl5.004 (as prior versions have a security
> hole discovered a couple of weeks ago). Enable setuid emulation.
>
>
> Note, I do a little redundant checking of the pid (both the
> file and ps) to give a better feeling that someone didn't
> write a fake named that execs a (root) shell on a HUP.
>
> #!/usr/local/bin/suidperl
>
> require "tainted.pl";
>
> $ENV{'PATH'} = '/usr/bin';
> $PIDFILE = "/var/run/named.pid";
>
> open (PID, "<$PIDFILE") || die "Couldn't open $PIDFILE";
> $pid = <PID>;
> chop ($pid);
> close (PID);
>
> #
> # Get the process id of in.named.
> #
> open (PS, "/bin/ps -ax |" ) || die "Couldn't exec ps";
>
> while (<PS>) {
> last if ( grep ( /named/, $_ ));
> }
>
> # Untaint the pid.
> $_ =~ /\s*(\d+)\s.*/;
> $upid = $1;
>
> # Just to be sure
> die "$pid != $upid" if ($pid != $upid);
> die "$upid is tainted" if (&tainted ($upid));
>
> #
> # send the HUP signal to in.named
> #
> kill("HUP",$upid);
>
>
>
>
> > On Tue, 10 Jun 1997, Joshua J. Ellis wrote:
> >
> > >
> > > I'm missing something on a script I'm attempting to setup for an
> > > administration group. The script is this:
> > >
> > > #!/bin/sh
> > > kill -hup `cat /var/run/named.hup`
> > >
> > > I then do a "chown root:staff rs-named" followed by a "chmod 6750 rs-named".
> 4750 would be sufficient, you don't need to setgid.
>
>
> > > That gives me an set of permissions like this:
> > >
> > > -rwsr-s--- 1 root staff 46 Jun 10 16:56 rs-named
> > >
> > > Shouldn't this allow users of the 'staff' group to successfully execute this
> > > command? When I try to execute it as anyone but root, I get the following
> > > error:
> > >
> > > kill: 230: Operation not permitted
> > >
> > > 230 is the PID of named. If it is executing as root, why is kill refusing to
> > > send a message to the process?
> > >
> > > -joshua
> > > --
> > > ****[ S-D-G ]***************************************[-0.8090169943749]***
> > > Joshua Ellis, IS Consultant - Omni Resources, Green Bay, WI (800)236-2332
> > > ellis@kcc.com http://www.kimberly-clark.com
> > > joshe@elltech.com http://www.joshua.elltech.com
> > > > poet-apostate-philosopher-musician-pinhead-hwarang-webmaestro-japh <
> > > *************************************************************************
> > >
> > >
> > >
> >
> >
> >
>
>
> --
> It is possible to fly without motors, but not without knowledge and skill.
> -- Wilbur Wright
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.95.970611122715.12201F-100000>