bsh & ksh running setuid
David Fricker
fsfrick at bones.lerc.nasa.gov
Tue Apr 30 22:15:32 AEST 1991
In article <1991Apr29.200328.5668 at ico.isc.com> rcd at ico.isc.com (Dick Dunn) writes:
>fsfrick at bones.lerc.nasa.gov (David Fricker) writes:
>> FYI: under AIXv3.1 release 3003, bsh & ksh do NOT ignore the
>> setuid bits when running a script...
>...
>> So, if you want scripts to run setuid and you have release 3003, you
>> may want to save a copy of the bsh & ksh binaries.
>
>1. I'm not clear on how this is a property of the shells, rather than
>the OS. Seems that the shell isn't going to be able to alter its own uid;
>it needs kernel help at exec() time.
>
The kernel supports #!/bin/xxsh, and it calls the requested interpreter.
When '/bin/csh' finds itself setuid, it dies or ignores the suid bit.
When '/bin/bsh' or '/bin/ksh' finds itself setuid, it DOES NOT die or ignore
the suid bit.
The key is that the shell _IS_ executing setuid scripts and changing ids.
The bourne shell executes the script schizoid--effective & real userids
are NOT the same during the execution of the script's commands.
'csh', however, refuses to run in this fashion (as the documentation says).
Dick Dunn also wrote:
>2. For those who haven't run into this before: Note that setuid shell
>scripts are a security sieve.
>--
True. However, our site still has some setuid shell scripts that are
'standard'. The vulnerability is recognized.
--
-----------------------------------------------------------------------------
David Fricker | phone: 216-433-5960
NASA Lewis Research Center | M.S. 5-11
Cleveland, Ohio 44135 | email: fsfrick at bones.lerc.nasa.gov
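
Added example, not part of the original post and not code from any of the shells named: a C sketch of the start-up check the post attributes to csh, where an interpreter notices that its real and effective ids differ and either exits or drops the borrowed ids. The function names and the `refuse` flag are hypothetical.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for setreuid()/setregid() */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Bit flags describing how the process was started. */
enum { IDS_MATCH = 0, IDS_SETUID = 1, IDS_SETGID = 2 };

/* Compare real and effective ids; a pure function so it can be tested. */
int classify_ids(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    int state = IDS_MATCH;
    if (ruid != euid) state |= IDS_SETUID;
    if (rgid != egid) state |= IDS_SETGID;
    return state;
}

/* "Ignore the suid bit": give up the borrowed ids for good.
 * Group first, because once the uid is dropped the process may no
 * longer be allowed to change its gid. Returns 0 only if verified. */
int drop_to_real_ids(void)
{
    gid_t rgid = getgid();
    uid_t ruid = getuid();
    if (setregid(rgid, rgid) != 0) return -1;
    if (setreuid(ruid, ruid) != 0) return -1;
    return classify_ids(getuid(), geteuid(), getgid(), getegid())
               == IDS_MATCH ? 0 : -1;
}

/* Hypothetical interpreter start-up check. refuse != 0 models "dies",
 * refuse == 0 models "ignores the suid bit". Returns 0 if the
 * interpreter may continue, -1 if it must exit. */
int interpreter_guard(int refuse)
{
    int state = classify_ids(getuid(), geteuid(), getgid(), getegid());
    if (state == IDS_MATCH) return 0;   /* not started setuid/setgid */
    if (refuse) {
        fprintf(stderr, "refusing to run: real and effective ids differ\n");
        return -1;
    }
    return drop_to_real_ids();
}

int main(void)
{
    return interpreter_guard(1) == 0 ? 0 : 1;
}
```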