>>>>>>>VITAL warning on suid shell scripts <<<<<<<<<<<<<<
John Rowe
JRowe at exua.exeter.ac.uk
Wed May 15 02:30:08 AEST 1991
I'm sure (I hope!) a lot of people will post to this but IT IS VITAL so please
read:
In article <7513 at awdprime.UUCP> dcm at codesmith.austin.ibm.com
(Craig Miller) writes:
In article <9357.282caa94 at jetson.uh.edu> elee4fg at jetson.uh.edu writes:
>
>1) csh does not support suid. If your csh suid scripts file has this
> #!/bin/csh
> It won't work.
> Your need to do this in ksh
Craig>> I believe this is not an AIXism but is a BSDism. The BSD4.3
Craig>> csh source I have access to does not support suid either. This
Craig>> is documented, I believe.
suid shell scripts are a well known security NIGHTMARE. It is VERY VERY
simple to use one of these to gain TOTAL root access.
I TRIED WITH KSH UNDER AIX 3.1 (no revs) AND IT WORKED.
I, as an ordinary user, became root to do anything I liked. So
please, warn every one you know never to allow suid shell scripts. This
problem has been common knowledge for a long time but vendors are only
now starting to worry about it.
Of course it *may* have been fixed in later releases :-)
You can look for suid programs with:
find / -fstype f -perm -2000 -o -perm -4000 -print
To find out if they are compiled programs or shell scripts try:
find / -fstype f -perm -2000 -o -perm -4000 -exec file {} \;
put the output into a file and look for 'commands' 'shell' 'text' etc.
Sorry to come on so strong - what worries me is that Craig is from IBM
at Austin...
John Rowe
Exeter University Computational Physics Group
Exeter
UK
More information about the Comp.unix.aix
mailing list