Guide to writing secure setuid programs?

00704a-Liber nevin1 at ihlpf.ATT.COM
Wed Mar 16 10:07:47 AEST 1988


In article <700 at virginia.acc.virginia.edu> scl at virginia.acc.Virginia.EDU (Steve Losen) writes:
>I have no guide for writing setuid programs, but here are a few
>ideas that come to mind:
>
>[All sorts of good setuid precautions]

Most of the programs that non-SA's write that use setuid could just as easily
use setgid with a unique gid for all the files that need to be affected.  For
example:  I recently wrote a utility that needed to log users' requests.  I
created a group (let's call it SGROUP) different than my default group, did a
'chgrp SGROUP utility', 'chmod 2711 utility' (setgid bit), 'chgrp SGROUP
directory', 'chmod 770 directory', 'chgrp SGROUP logfile', and 'chmod 660
logfile' (you do need to create the logfile yourself; otherwise, you won't own
it).  This, along with the other precautions mentioned in the previous article,
should be sufficient for many programs which require access to files which are
not owned.

One more thing:  NEVER HAVE THE SETUID (SETGID) BIT SET ON A FILE WHICH THE
WORLD HAS WRITE PRIVILEGES ON!!!  On many systems writing to a file does not
turn off the setuid/setgid bit; if you let the world write to this file, you
are just waiting for a disaster to happen!!

Hope this helps,
-- 
 _ __			NEVIN J. LIBER	..!ihnp4!ihlpf!nevin1	(312) 510-6194
' )  )				"The secret compartment of my ring I fill
 /  / _ , __o  ____		 with an Underdog super-energy pill."
/  (_</_\/ <__/ / <_	These are solely MY opinions, not AT&T's, blah blah blah
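
The layout and the warning in the message above, turned into a checking script. This is an added example, not part of the original post; the function names and the paths passed to them are assumptions.

```shell
#!/bin/sh
# Added example: audits the setgid layout described in the post.
# Function names and arguments are illustrative, not from the original.

# has_mode PATH OCTAL -> succeeds if PATH's permission bits equal OCTAL exactly.
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" -print 2>/dev/null)" ]
}

# gid_of PATH -> numeric group id of PATH (4th field of `ls -ldn`).
gid_of() {
    ls -ldn "$1" | awk '{ print $4 }'
}

# check_layout UTILITY DIRECTORY LOGFILE
# Prints one line per deviation from the post's layout; returns 1 if any.
check_layout() {
    rc=0
    has_mode "$1" 2711 || { echo "utility mode is not 2711: $1"; rc=1; }
    has_mode "$2" 770  || { echo "directory mode is not 770: $2"; rc=1; }
    has_mode "$3" 660  || { echo "logfile mode is not 660: $3"; rc=1; }
    g=$(gid_of "$1")
    for p in "$2" "$3"; do
        [ "$(gid_of "$p")" = "$g" ] || { echo "group differs from utility: $p"; rc=1; }
    done
    return $rc
}

# find_writable_setid DIR
# Lists regular files under DIR that are setuid or setgid AND world-writable,
# the combination the post warns against.
find_writable_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -perm -0002 -print
}
```

`check_layout` compares modes exactly, so a logfile left at 666 or a utility missing its setgid bit is reported rather than silently accepted.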


