[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: setuid programs under "sarge" and "woody"

Douglas Bates <bates@stat.wisc.edu> [2002-10-31 11:28:19 -0600]:
> We have their tar program installed under the wsbackup login.  The
> program is owned by root.root and has setuid and setgid permissions.
> 505$ ls -la
> total 12
> drwxr-sr-x    2 wsbackup wsbackup     4096 Oct 30 11:02 .
> drwxr-sr-x    4 wsbackup wsbackup     4096 Oct 30 10:58 ..
> -rwsrwsr-x    1 root     root         1889 Oct 30 11:02 sushiRunLinuxTar

That looks small for an executable.  Is it a script perhaps?

> > It seems the script is being found, but has errors/doesn't
> > execute/something.
> Is there something else I should do to allow this program to run
> setuid root?

Never run scripts suid as it is a terrible security hole.  It is not
working for you since the kernel is now compiled to avoid doing this
and therefore avoids the security problems.

Instead do one of these two things.  Create a compiled program which
cleans the environment of potential security problems.  Run the
program suid.  That program calls your script.  Easy to do.  But you
get to maintain it forever.  Unless you are a C programmer I would go
with solution two below.

Probably the best solution is to use 'sudo'.  If this script needs to
run as root then configure sudo with 'visudo' and add an entry like
this.  I would rename sushiRunLinuxTar to sushiRunLinuxTar.sh and
create a new script that just calls sudo sushiRunLinuxTar.sh.

  ALL     ALL=NOPASSWD: /full/path/to/sushiRunLinuxTar.sh

Then the sushiRunLinuxTar script can look like this.

  sudo /full/path/to/sushiRunLinuxTar.sh "$@"

Using sudo in this way does not avoid possible security problems that
you might open in your script.  You still need to avoid doing bad
things yourself.  But it is probably the best way to run a script as


Attachment: pgp8vfCC0qN5e.pgp
Description: PGP signature

Reply to: