Re: suid script
On 03-Dec-98, Joey Hess took up his electrons to write:
> Brandon Mitchell wrote:
>> Dang, looks like you are right Joey, at least I can't get a counter
>> example working. I have been forced to write csh scripts on linux that
>> are run by suid programs because bash will drop its privileges to the
>> real user id. So, at least in some aspects, bash is worse than others.
>> Any idea why the kernel does this (if it really does, I'm still not sure
>> of it)?
>
> Because shell scripts are supposedly very often full of security holes when
> suid.
As far as I know it's not a problem of bugs or anything.
It's a general problem.
What I have understood (I'm not an expert)
the executable (bash, whatever) opens the file
it closes it
it changes uid/gid to reflect suid status -> so it becomes root or whatever
it reopens it
and executes it
problem: you can change the content of the file between the two !!
so you can have your script, running as root, executing whatever you want !!
I heard that some Unix systems (Solaris I think but not sure) provide a way to
overcome this by feeding the script to the executable through /dev/3 or
something like it (like a new STDIN)
Patrick
/\//\/\/\\/\/\//\/\\/\/\\/\\/\//\/\\/\//\/\\/\//\/\\/\//\/\\
Patrick M. pat@patoche.org http://www.patoche.org/
Sysadmin of patoche.org, globenet.org, bde.espci.fr
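
The open/close/reopen window described in the message above disappears when the file is opened once, checked through its descriptor, and handed to the interpreter as an already-open descriptor. The following C is an added example, not code from the thread or from any system mentioned in it; `open_vetted_script`, the root owner, `/bin/sh` and the availability of `/dev/fd` are assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open the script ONCE, vet the opened file through its
 * descriptor, and build a /dev/fd/N name for the interpreter. Every check
 * uses fstat() on the descriptor, never the path, so replacing the path
 * afterwards cannot change which file gets executed.
 * Returns the open descriptor, or -1 if the file is rejected. */
int open_vetted_script(const char *path, uid_t owner, char *fdpath, size_t len)
{
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||               /* no FIFOs, devices, directories */
        st.st_uid != owner ||                 /* must belong to the trusted owner */
        (st.st_mode & (S_IWGRP | S_IWOTH))) { /* nobody else may rewrite it */
        close(fd);
        return -1;
    }
    snprintf(fdpath, len, "/dev/fd/%d", fd);
    return fd;
}

/* Sketch of a wrapper: argv[1] is the script; uid 0 and /bin/sh are assumed. */
int main(int argc, char **argv)
{
    char fdpath[32];
    if (argc < 2 || open_vetted_script(argv[1], 0, fdpath, sizeof fdpath) < 0) {
        fprintf(stderr, "script rejected\n");
        return 1;
    }
    /* The descriptor stays open across exec (no O_CLOEXEC), so the
     * interpreter reads the file that was vetted, not whatever the path
     * names by the time it starts. */
    execl("/bin/sh", "sh", fdpath, (char *)NULL);
    perror("execl");
    return 1;
}
```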