setuid shell scripts

G. Ewing greg at cantuar.UUCP
Thu Nov 17 12:28:03 AEST 1988


Chris Torek (chris at mimsy.UUCP) writes:
>In article <855 at cantuar.UUCP> greg at cantuar.UUCP (G. Ewing) writes:
>>and Chris Torek indicated in an earlier posting that there was a
>>problem that was *completely independent* of shell semantics.
>
>I hope that this is a paraphrase, for I did not mean that.  If the
>interpreter does nothing with the script, there are no setid problems.

Thanks for the clarification. I don't remember your exact words, but
whatever they were, they gave me that impression, causing great
confusion.

>there are no known uses for the (now disallowed) kernel
>invocation of set-id #! scripts that are also secure.

Just because nobody is using it now doesn't mean that there is
no use for it!

An interpreter for some programming language could be written
that was careful to check the mode and owner of any file that it
was about to execute, and if it was setu(g)id, refuse to continue
if its owner(group) didn't match the process's effective u(g)id.

Correct me if I'm wrong, but as things stand, this ought to be
safe, oughtn't it?

If so, disabling setuid #! files in the kernel removes a potentially
useful facility unnecessarily, and seems to me an excessively
drastic action to take.

Greg Ewing				Internet: greg at cantuar.uucp
Spearnet: greg at nz.ac.cantuar		Telecom: +64 3 667 001 x8357
UUCP:	  ...!{watmath,munnari,mcvax,vuwcomp}!cantuar!greg
Post:	  Computer Science Dept, Univ. of Canterbury, Christchurch, New Zealand
Disclaimer: The presence of this disclaimer in no way implies any disclaimer.


