Secure setuid shell scripts
Guy Harris
guy at auspex.UUCP
Thu Oct 27 03:30:44 AEST 1988
>The set-user-id shell script bug, they say, lies in the semantics of
>the file system itself. Very well:
>
>In article <14139 at mimsy.UUCP> chris at mimsy.UUCP (Chris Torek) adds:
>>...there is a way to have set-ID scripts without having
>>the kernel do it: you make the interpreter itself set-ID, and have it
>>check the ID on the script.
>
>Which naturally leads me to wonder: The semantics of the filesystem
>are presumably not dependent on whether the kernel handles set-uid
>scripts or the set-uid interpreter does (or are they?). Does the same
>security hole exist when a shell, which has been made set-uid to
>root, executes a set-uid script without the kernel's help?
I don't know that I'd say it "lies within the semantics of the file
system" in the sense you may be thinking of. It lies, in part, with the
way "#!" is implemented, and in part with the way some other system
calls work. The same security hole (at least the one I'm familiar with,
which I think is the one being discussed here) doesn't exist if the
shell is made set-UID and executes it without the kernel's help.