setuid shell scripts
System Mangler
mangler at cit-vax.Caltech.Edu
Sun Nov 30 14:25:37 AEST 1986
In article <1112 at decuac.DEC.COM>, avolio at decuac.DEC.COM (Frederick M. Avolio) writes:
> #! /bin/sh
> date
> exit 0
>
> and has the setuid bit set and is owned by root and readable by anyone
> is like having no password on the root account. ^^^^^^^^
Make that "executable", not "readable".
In case it is not COMPLETELY clear yet: the example can be shortened to
#!/bin/sh
i.e. no commands at all, and it still gives the opportunist an unrestricted
setuid shell, just by running it with argv[0] starting with "-", which can
be typed in a few seconds. This is true of both sh and csh, with or without
-f. The only way to prevent this abuse is to not allow execute access.
Better yet, DON'T MAKE SETUID SHELL SCRIPTS. Delete the ones you have.
(Yes, we got munched in this way. Funny thing was, the setuid-root shell
script was created by the same superuser who makes the biggest fuss about
security... So I don't believe in hushing up security holes).
Don Speck speck at vlsi.caltech.edu {seismo,rutgers,ames}!cit-vax!speck
More information about the Comp.unix.questions
mailing list