Guide to writing secure setuid programs?

Stephen J. Friedl friedl at vsi.UUCP
Fri Mar 25 05:44:28 AEST 1988


In article <347 at wsccs.UUCP>, terry at wsccs.UUCP (terry) writes:
< In article <386 at vsi.UUCP>, friedl at vsi.UUCP (Stephen J. Friedl) writes:
< > setuid and setgid programs should be mode --x--x--x so people
< > like me :-) can't look at them.  When digging for holes on a
< > machine the first thing I do is run strings on the set[ug]id
< > programs to look for the standard holes -- you can recognize them
< > after a while.
< 
< 	That's totally useless on machines where you have to load a software
< emulator to run a program (say 286 programs on uPort 386).  In addition, a
< smart programmer will use 'strip' on his programs.
< 
< 	Besides why do that to look for holes?  There are plenty of other
< nifty possibilities for holes: [relevant security holes presented here]
<
< 	It's true that you should be careful of SUID programs, but not any
< more so than you should be careful of ANY permission changes or anything else
< you do as root.  There are no more problems with security on UNIX than there
< are on any other multi-user system; less, in a lot of cases.  If someone
< really wanted your data, they'd break into your office if no other method was
< available.

Yes, you present some other holes that can be found on many Unix
machines, I've used most of them myself.  However, just because
you are more clever than me does not mean that advice on --s--s--x
is totally bogus.  While it may not work for emulators, I
suspect that this is not the most widespread case and that a
readable file is indeed an invitation to scam.  Stripping the
symbols from a file does not remove the strings from a file, and
programmers clever enough to hide the strings are likely clever
enough to write the program properly in the first place.

--s--s--x will keep some people out.  It may not keep you out and
it may not keep me out and it may not keep Chris Torek (hi
Chris!) out but it will keep *some* people out.  It was not
advertised as the final solution to system security, and shooting
holes in it to show how clever you are serves only yourself.
Again:  surely you can find more pleasant/constructive ways of
putting in your two cents worth.  Why must you be so combative?

     Steve
-- 
Steve Friedl      V-Systems, Inc.        *Hi Mom*
friedl at vsi.com   {uunet,attmail,ihnp4}!vsi!friedl
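
An audit for the condition this post discusses, as an added example that is not part of the original message: it lists set-uid/set-gid files that group or other can still read (and therefore run strings on) and removes the read bits. The function names are hypothetical, and treating "readable by group or other" as the finding is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# audit_readable_setid DIR
#   Prints one path per line for every regular file under DIR that has the
#   set-uid (04000) or set-gid (02000) bit AND a read bit for group (0040)
#   or other (0004). -xdev keeps the walk on a single filesystem.
audit_readable_setid() {
    find "$1" -xdev -type f \
        \( -perm -4000 -o -perm -2000 \) \
        \( -perm -0040 -o -perm -0004 \) \
        -print 2>/dev/null
}

# count_readable_setid DIR
#   Number of findings, with the padding some wc implementations add removed.
count_readable_setid() {
    audit_readable_setid "$1" | wc -l | tr -d ' '
}

# tighten_setid FILE
#   Removes every read bit, as in the post's --s--s--x mode. The set-id,
#   write and execute bits are left as they were.
tighten_setid() {
    chmod a-r "$1"
}

# Stand-alone use: sh audit.sh /usr/bin
if [ "$#" -gt 0 ]; then
    audit_readable_setid "$1"
fi
```

As the post says of the mode itself, this keeps casual readers out of the binary and does nothing about holes in the program.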


