Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 11 Jun 1997 09:47:12 -0500 (CDT)
From:      "Paul T. Root" <proot@horton.iaces.com>
To:        shovey@buffnet.net (Steve Hovey)
Cc:        ellis@kcc.com, freebsd-questions@FreeBSD.ORG
Subject:   Re: Set execution UID on script
Message-ID:  <199706111447.JAA25743@horton.iaces.com>
In-Reply-To: <Pine.BSI.3.95.970611092114.9324C-100000@buffnet11.buffnet.net> from Steve Hovey at "Jun 11, 97 09:21:25 am"

next in thread | previous in thread | raw e-mail | index | archive | help
In a previous message, Steve Hovey said:
> 
> Shell scripts cant be suid for security reasons.

They certainly aren't a good idea, but are they disabled?

Here's a Setuid perl script that does the trick. You will
need to build perl5.004 (as prior versions have a security
hole discovered a couple of weeks ago). Enable setuid emulation.


Note, I do a little redundant checking of the pid (both the
file and ps) to give a better feeling that someone didn't
write a fake named that execs a (root) shell on a HUP.

#!/usr/local/bin/suidperl
 
require "tainted.pl";
 
$ENV{'PATH'} = '/usr/bin';
$PIDFILE = "/var/run/named.pid";
 
open (PID, "<$PIDFILE") || die "Couldn't open $PIDFILE";
$pid = <PID>;
chop ($pid); 
close (PID);
 
#
# Get the process id of in.named.
#
open (PS, "/bin/ps -ax |" ) || die "Couldn't exec ps";
 
while (<PS>) {
        last if ( grep ( /named/, $_ ));
}
 
# Untaint the pid.
$_ =~ /\s*(\d+)\s.*/;
$upid = $1;
 
# Just to be sure
die "$pid != $upid" if ($pid != $upid); 
die "$upid is tainted" if (&tainted ($upid));
 
#
#  send the HUP signal to in.named
#
kill("HUP",$upid);




> On Tue, 10 Jun 1997, Joshua J. Ellis wrote:
> 
> > 
> > I'm missing something on a script I'm attempting to setup for an 
> > administration group.  The script is this:
> > 
> > #!/bin/sh
> > kill -hup `cat /var/run/named.hup`
> > 
> > I then do a "chown root:staff rs-named" followed by a "chmod 6750 rs-named". 
4750 would be sufficient, you don't need to setgid.


> >  That gives me an set of permissions like this:
> > 
> > -rwsr-s---  1 root  staff      46 Jun 10 16:56 rs-named
> > 
> > Shouldn't this allow users of the 'staff' group to successfully execute this 
> > command?  When I try to execute it as anyone but root, I get the following 
> > error:
> > 
> > kill: 230: Operation not permitted
> > 
> > 230 is the PID of named.  If it is executing as root, why is kill refusing to 
> > send a message to the process?
> > 
> > -joshua
> > --
> > ****[ S-D-G ]***************************************[-0.8090169943749]***
> > Joshua Ellis, IS Consultant - Omni Resources, Green Bay, WI (800)236-2332
> > ellis@kcc.com                               http://www.kimberly-clark.com
> > joshe@elltech.com                           http://www.joshua.elltech.com
> >  > poet-apostate-philosopher-musician-pinhead-hwarang-webmaestro-japh <
> > *************************************************************************
> > 
> > 
> > 
> 
> 
> 


-- 
It is possible to fly without motors, but not without knowledge and skill.
                       -- Wilbur Wright      



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199706111447.JAA25743>