setuid shell scripts

G. Ewing greg at cantuar.UUCP
Mon Nov 21 12:23:19 AEST 1988


Larry Wall (lwall at jpl-devvax.JPL.NASA.GOV) writes:
>In article <862 at cantuar.UUCP> greg at cantuar.UUCP (G. Ewing) writes:
>: Correct me if I'm wrong, but as things stand, this ought to be
>: safe, oughtn't it?
>
>Nope, sorry.  Still definitely unsafe.

Why?

I'm probably being thick, but it seems to me that if you can find
or manufacture a fake script with the right owner and the setuid bit on,
then you can wreak havoc in any case. What am I missing here?

>I gave up and
>disabled #! in my kernel, and now perl emulates set-id when necessary.
>(Quite a trick disabling set-id #! in a binary only system!

>I'm trying
>to wheedle the patch out of Sun but they're still thinking about it.

Why go to all this bother? There seems to be agreement that you're
safe if you never create any setid scripts. So, why not just warn
your users not to do so?

(I still feel that nobbling the kernel is wrong, even if there really
is no use for it, but I'm willing to agree to differ on that.)

Greg Ewing				Internet: greg at cantuar.uucp
Spearnet: greg at nz.ac.cantuar		Telecom: +64 3 667 001 x8357
UUCP:	  ...!{watmath,munnari,mcvax,vuwcomp}!cantuar!greg
Post:	  Computer Science Dept, Univ. of Canterbury, Christchurch, New Zealand
Disclaimer: The presence of this disclaimer in no way implies any disclaimer.
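
The condition discussed in the post above, that no set-id scripts exist on the system, can be checked instead of assumed. The following is an added example and not part of the original post; the function names `is_script` and `find_setid_scripts` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): list regular files that
# carry the set-uid or set-gid bit AND start with "#!", i.e. set-id
# scripts that a kernel honouring set-id on #! would run with the
# owner's privileges.
# Usage (after sourcing this file): find_setid_scripts /usr/local

# is_script FILE: succeed if the first two bytes of FILE are "#!".
# The bytes are compared as hex (23 21) so files containing NULs or
# other binary data are handled without shell quoting problems.
is_script() {
    [ "$(od -An -tx1 -N2 "$1" 2>/dev/null | tr -d ' \n')" = "2321" ]
}

# find_setid_scripts DIR: print one path per line.
#   -xdev        stay on the filesystem DIR lives on
#   -perm -4000  set-uid bit is set
#   -perm -2000  set-gid bit is set
# Assumption: paths do not contain newlines (the loop reads line by line).
find_setid_scripts() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        if is_script "$f"; then
            printf '%s\n' "$f"
        fi
    done
}
```

Run it as root so that unreadable files are not silently skipped, and repeat it per mounted filesystem because of `-xdev`.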


