setuid shell scripts

Larry Wall lwall at jpl-devvax.JPL.NASA.GOV
Fri Nov 18 19:15:32 AEST 1988


In article <862 at cantuar.UUCP> greg at cantuar.UUCP (G. Ewing) writes:
: An interpreter for some programming language could be written
: that was careful to check the mode and owner of any file that it
: was about to execute, and if it was setu(g)id, refuse to continue
: if its owner(group) didn't match the process's effective u(g)id.
: 
: Correct me if I'm wrong, but as things stand, this ought to be
: safe, oughtn't it?

Nope, sorry.  Still definitely unsafe.

If there was any way to do it, I'd have done it with perl.  I gave up and
disabled #! in my kernel, and now perl emulates set-id when necessary.
(Quite a trick disabling set-id #! in a binary only system!  I managed
it on a Vax by changing a branch, but the Sun's another story.  I'm trying
to wheedle the patch out of Sun but they're still thinking about it.
At least I hope they're still thinking about it...)

Not until a particular feature is hacked into the kernel will set-id #!
be secure again.  It may also be necessary to modify interpreters, though
there are ways to avoid that if they work it right.

Larry Wall
lwall at jpl-devvax.jpl.nasa.gov


