Date: Thu, 23 Jul 2009 18:15:57 +0200
From: Ivan Voras <ivoras@freebsd.org>
To: freebsd-hackers@freebsd.org
Subject: Re: SGID/SUID on scripts
Message-ID: <h4a2br$4mc$1@ger.gmane.org>
In-Reply-To: <4A6795E7.7020700@darkbsd.org>
References: <19939654343.20090722214221@mail.ru> <4A6795E7.7020700@darkbsd.org>

DarkSoul wrote:
> Anthony Pankov wrote:
>> SGID/SUID bits don't work with shell scripts, do they?
>>
>> And no mention in chmod(1,2) manual.
>
> They don't.
>
> One reason for this, is that if they were applied, the following would
> occur:
> - execve() syscall reads your script's shebang line, and the script
> interpreter is executed, receiving the specified arguments along with
> the script name.
> - The interpreter then open()s the script file to read it, and runs the code.
>
> The problem you then are faced with, is that you have a time frame
> defined by the moment between the aforementioned execve() and open(),
> during which it could be possible to unlink/move/whatever the shell
> script the interpreter is going to open.
>
> You guess where this is going, you have no absolute way of guaranteeing
> you are executing the file you initially planned on opening because
> execution/opening/reading is not, and can't be done atomically for shell
> scripts.

Hmm... Presumably, the biggest concern is with scripts owned by root.
Who can unlink, move or change the script? The owner and his group can
change it; the directory owner can unlink it. It looks like the targeted
problem is if root creates a script in a user-owned directory and then
makes it suid. It looks more like a PEBKAC than a system problem - is it
really so serious there is no sysctl to disable the check?
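
The ownership conditions raised in the reply above, as an added example that is not part of the original message: a Python audit that finds set-id interpreter scripts and reports who besides the owner could edit or replace them in the window between execve() and the interpreter's open(). The function names and finding strings are illustrative assumptions, and only the parent directory is inspected, not every ancestor.

```python
import os
import stat
import sys


def audit_script(path):
    """Return reasons why a set-id script at `path` could be edited or swapped
    by someone other than its owner; [] if it is not a set-id script."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return []
    if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        return []
    with open(path, "rb") as fh:
        if fh.read(2) != b"#!":
            return []  # native binary or data file, not an interpreter script
    findings = ["set-id bit on an interpreter script"]
    # "The owner and his group can change it"
    if st.st_mode & stat.S_IWGRP:
        findings.append("script is group-writable")
    if st.st_mode & stat.S_IWOTH:
        findings.append("script is world-writable")
    # "the directory owner can unlink it" (assumption: parent directory only)
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_uid != st.st_uid:
        findings.append("directory owner differs from script owner")
    # Without the sticky bit, anyone with write access to the directory can
    # unlink or rename the script.
    sticky = parent.st_mode & stat.S_ISVTX
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH) and not sticky:
        findings.append("directory is group- or world-writable without sticky bit")
    return findings


def audit_tree(root):
    """Walk `root` and map each set-id script to its list of findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                found = audit_script(full)
            except OSError:
                continue  # unreadable or vanished during the walk
            if found:
                report[full] = found
    return report


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, found in sorted(audit_tree(root).items()):
        print(path + ": " + "; ".join(found))
```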
