setuid shell scripts
bsteve at gorgo.UUCP
bsteve at gorgo.UUCP
Sun Nov 30 19:20:00 AEST 1986
In article <13 at houligan.UUCP>, dave at murphy.UUCP (Rael's brother John) wrote:
avolio at decuac.UUCP in comp.unix.ques replied:
>> It works on BSD4.2 and 4.3 systems. ...
>> Use of this feature poses a number of security problems, since shell scripts
>> aren't usually written with security in mind. ...
>
>Regarding security problems... You may as well just write a one line
>C program that exec's the shell and make *that* setuid to root because
>having a setuid shell script causes *the exact same behavior*. In
>other words, a shell script that looks like:
>
> #! /bin/sh
> date
> exit 0
>
>and has the setuid bit set and is owned by root and readable by anyone
>is like having no password on the root account.
To be more correct, it is not even necessary that the shell script be
readable in the case of most 4.2 implementations. Setuid-root shell scripts
should simply not be used at all. Anyone unclear regarding why this is may
write me personally.
Steve Blasingame (Oklahoma City)
ihnp4!occrsh!gorgo!bsteve
bsteve at eris.berkeley.edu
More information about the Comp.unix.questions
mailing list