setuid shell scripts (was: Re: Running processes as root)
terryl at tekcrl.LABS.TEK.COM
terryl at tekcrl.LABS.TEK.COM
Wed Oct 25 14:12:10 AEST 1989
In article <3803 at solo7.cs.vu.nl> maart at cs.vu.nl (Maarten Litmaath) writes:
+chris at mimsy.umd.edu (Chris Torek) writes:
+\In article <20329 at mimsy.umd.edu> (look, domain names now!) I wrote:
+\>\On all of the BSD derivatives on which setuid scripts run setuid,
+\>\all such setuid scripts are not secure.
+\
+\In article <3789 at solo6.cs.vu.nl> maart at cs.vu.nl (Maarten Litmaath) writes:
+\>It almost never happens, but this time you seem to be wrong, Chris!
+\
+\Not really, because I meant `if you write /etc/foo, make it setuid, start
+\it with ``#! /bin/csh -bf'', and run it, and it runs setuid, then it is
+\not secure.'
+
+I'm sure this was what you meant, but it wasn't what you said! (Check again.)
+Allright, you have already posted an article explaining the race condition,
+but here's another story anyway, which explains how indir(1) can get things
+right. Enjoy.
Not to pick nits, but Chris was *right* *both* times. As you have quoted
him above, he said "On all of the BSD derivatives on which setuid scripts run
setuid, all such setuid scripts are not secure."; implicit in this sentence
is the fact that the only way to get a setuid script to run setuid, one must
use the #! mechanism. So while Chris did not spell this out explicitly in his
first posting, he did in his second. But he was still right the first time...
Terry Laskodi
of
Tektronix
PS:
Is it time to post another way to breach security with a setuid shell
script that does NOT depend on the race condition with "unlink"????
More information about the Comp.unix.questions
mailing list