setuid shell scripts (was: Re: Running processes as root)

thomas.j.roberts tjr at cbnewsc.ATT.COM
Thu Oct 26 03:20:35 AEST 1989


From article <3806 at solo7.cs.vu.nl>, by maart at cs.vu.nl (Maarten Litmaath):
> terryl at tekcrl.LABS.TEK.COM writes:
> 
> Yeah, one must use the #! mechanism; SO WHAT!?  I never denied that!
> And I showed how safe setuid scripts (NOTE: Chris didn't even say *shell*
> scripts) could be created.  You want an example?  Right, put the following
> in a file /etc/fubar:
> 
> 	#!/bin/sh /etc/fubar
> 	echo "Am I right or am I right?"
> 
> You're a pretty smart fellow if you can break this one (or you're root).

I run on System V, and have never used #!. However, I believe this approach
will cause serious problems:
	set IFS=c, and place an appropriate program named "e" into
	your path. The shell will execute "e" with argument 'ho Am I ...?'.

This is only one of many problems with SUID shell scripts. Fooling around
with PATH, IFS, PS1 and other internally-used environment variables can
cause the shell to do unexpected things. The problems with SUID shell-scripts
are inherent, given the tremendous complexity of the shell - even if you 
modify the shell to close all of the known "SUID holes", you will never
know when you have found them all.

Tom Roberts
att!ihnet!tjr
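
The IFS splitting described in the post above, as an added example that is not part of the original message: POSIX shells apply IFS only to the results of expansions, so this sketch splits an unquoted variable to show which command name the shell would look up in PATH, before and after resetting the variables the post names. The function names `harden_env` and `command_name` are hypothetical, and the reset covers only IFS, PATH and PS1.

```shell
#!/bin/sh
# Added illustration; harden_env and command_name are hypothetical names.

# Reset the variables named in the post to known values. This closes only
# these three; it says nothing about other variables the shell consults.
harden_env() {
    IFS=$(printf ' \t\nx'); IFS=${IFS%x}   # space, tab, newline
    PATH=/bin:/usr/bin; export PATH
    PS1='$ '
}

# command_name IFSVALUE LINE [harden]
# Prints the first field of LINE after field splitting, i.e. the command
# name that would be searched for in PATH. IFSVALUE simulates the value
# inherited from the caller's environment. Runs in a subshell so that the
# changes to IFS and PATH do not leak into the calling script.
command_name() (
    IFS=$1
    if [ "${3:-}" = harden ]; then
        harden_env
    fi
    set -f          # field splitting only, no pathname expansion
    set -- $2       # deliberately unquoted: this is where IFS applies
    printf '%s\n' "$1"
)

# Second line of the /etc/fubar script quoted in the post.
line='echo "Am I right or am I right?"'

printf 'inherited IFS=c : %s\n' "$(command_name c "$line")"
printf 'after harden_env: %s\n' "$(command_name c "$line" harden)"
```

With IFS=c the first field is `e`, the program name the post mentions; after the reset it is `echo` again.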


