Secure setuid shell scripts
Chris Torek
chris at mimsy.UUCP
Tue Oct 25 06:23:12 AEST 1988
>>In article <4409 at bsu-cs.UUCP> dhesi at bsu-cs.UUCP (Rahul Dhesi) asked:
>>>If a 4.3BSD system has not been patched ....
>In article <14069 at mimsy.UUCP> I answered:
>>If the system has not been patched, and there is a set-ID script somewhere,
>>that script can be used as the basis for gaining the privileges granted
>>by that ID (user or group) in a way that the author of the script most
>>likely did not intend.
In article <546 at sp7040.UUCP> sbc at sp7040.UUCP (Stephen Carroll) asks:
>just one question. Is this problem a security hole for only BSD systems,
>or does it exist on other SVID type systems or others?
Since System Vs% do not have directly-executable scripts, System Vs do
not have the problem, because System Vs cannot possibly have any set-ID
scripts. (Actually, there is a way to have set-ID scripts without having
the kernel do it: you make the interpreter itself set-ID, and have it
check the ID on the script. I believe ksh can do this. sh cannot,
certainly not without modification.)
-----
% Not System V, System Vs: there are many different System Vs, all
incompatible to some extent. *Which one* shall we consider standard?
-----
- If the kernel does not have directly-executable scripts, the system
does not have the bug.
- If the kernel has the #! mechanism copied directly from 4BSD, the system
does have the bug.
- If the kernel has a modified #! mechanism, it might not have the bug.
- If you have on your machine no scripts that are themselves set-ID (user
or group), you need not worry about the bug, whether it exists or not
on your system.
--
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain: chris at mimsy.umd.edu Path: uunet!mimsy!chris
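
Added example, not part of the original post: one way to check the last point above, that a machine has no scripts that are themselves set-ID (user or group). It walks a directory tree and reports regular files that carry a set-ID bit and begin with "#!"; the function names and the choice of root directory are assumptions of this sketch.

```python
import os
import stat

SETID_BITS = stat.S_ISUID | stat.S_ISGID


def is_setid_script(mode, head):
    """True for a regular file with set-UID or set-GID set that starts with '#!'."""
    return stat.S_ISREG(mode) and bool(mode & SETID_BITS) and head[:2] == b"#!"


def find_setid_scripts(root):
    """Return sorted (path, bits, uid, gid) tuples for set-ID scripts under root.

    Symbolic links are not followed. Files that cannot be read are skipped,
    so run this with enough privilege to read every candidate file.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                # Cheap test first: only open files that have a set-ID bit.
                if not (stat.S_ISREG(st.st_mode) and st.st_mode & SETID_BITS):
                    continue
                with open(path, "rb") as fh:
                    head = fh.read(2)
            except OSError:
                continue
            if is_setid_script(st.st_mode, head):
                bits = []
                if st.st_mode & stat.S_ISUID:
                    bits.append("setuid")
                if st.st_mode & stat.S_ISGID:
                    bits.append("setgid")
                hits.append((path, "+".join(bits), st.st_uid, st.st_gid))
    return sorted(hits)


if __name__ == "__main__":
    import sys

    # Default root "/" is an assumption; pass another directory as argv[1].
    for path, bits, uid, gid in find_setid_scripts(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(f"{bits}\tuid={uid}\tgid={gid}\t{path}")
```

An empty result means no set-ID scripts were found among the files the scan could read.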