Return to BSD News archive
Newsgroups: comp.unix.bsd
Path: sserve!manuel.anu.edu.au!munnari.oz.au!spool.mu.edu!uwm.edu!cs.utexas.edu!convex!grefen
From: grefen@convex.com (Stefan Grefen)
Subject: Re: [386bsd] Fix for kern_execve to allow suid/sgid shellscipts
Message-ID: <1992Dec07.082342.10224@convex.com>
Sender: usenet@convex.com (news access account)
Nntp-Posting-Host: connie.de.convex.com
Reply-To: grefen@convex.com
Organization: CONVEX Computer Corporation
References: <4165@wzv.win.tue.nl> <veit.723491073@du9ds3> <19694@ksr.com> <4171@wzv.win.tue.nl>
Date: Mon, 07 Dec 1992 08:23:42 GMT
X-Disclaimer: This message was written by a user at CONVEX Computer
Corp. The opinions expressed are those of the user and
not necessarily those of CONVEX.
Lines: 29
In article <4171@wzv.win.tue.nl>, guido@gvr.win.tue.nl (Guido van Rooij) writes:
|> jfw@ksr.com (John F. Woods) writes:
|>
|> #>veit@du9ds3 (Holger Veit) writes:
|> #>>In <4165@wzv.win.tue.nl> guido@gvr.win.tue.nl (Guido van Rooij) writes:
....
|> #>>the possible security leak that is opened by a badly-written suid
|> #>>shellscript. Is this something we could really want?
|> #>Set-uid scripts are often extremely handy. Perhaps this could be made an
|> #>option which could be enabled and disabled by a script that would also install
|> #>a script which takes advantage of the hole and informs you of this fact to
|> #>remind you of the dangers ;-).
|> #
|> They are handy, that's why I wrote that piece of code. However due to the
|> fact that the name of the shell script is passed to the shell, you
|> can quickly link it to another file and gain root privs. However, this
|> is only possible if the you could run the suid/guid shellscript in the first
|> place. So if you add this code to the kernel, make sure thatb when you
|> make a suid/guid shell script, you use it only for yourself and
|> mask away all group/world permissions. NEVER use it for general purpose
|> /usr/bin applications.
|>
|> -Guido
There was a programm for save suid/guid scripts in comp.sources.unix 2-4
years ago. I think it could be changed to run even if the kernel don't
support uid scripts. This would be a save way to handle this demand
for suid scripts.
MfG
Stefan