
Re: suid script



Hello,

> > The way I remember it is:
> > 
> > 1) kernel opens the file, finds it suid
> > 2) kernel executes the shell with that uid
> > 3) shell opens the same filename
...
> I think it's probably the kernel that does the open on step 3,

No, it's the shell - it gets passed the filename. If it was the kernel opening
the file, there wouldn't be any problem, just like there's no problem with
ordinary executables.

> I wonder how other unix variants that allow suid scripts do this? 

As somebody pointed out - the kernel opens the file, and hands the open
filehandle to the shell. A filehandle always points to the same file (inode),
which stops this particular trick.

You still have to watch out for things like weird environment variables.


Jiri <jiri@baum.com.au>
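The race the thread describes, as an added example that is not part of the original post or of any particular Unix's kernel: a constructed scratch directory holds a "trusted" script, an attacker-supplied "evil" script and a symlink that an exec would follow. Step 1 opens through the symlink (the kernel's open), the symlink is then repointed, and step 3 reopens by name (what the shell does) versus reusing the descriptor from step 1 (what a kernel that hands the interpreter an open filehandle gives it). The paths, file contents and the single-process simulation are assumptions of the example, not taken from the thread.

```c
/* Added example: simulate the suid-script race from the thread on a scratch
 * directory (constructed sample files, not a real suid binary). */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write a small file at path; returns 0 on success, -1 on error. */
static int write_file(const char *path, const char *body)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0700);
    if (fd < 0) return -1;
    ssize_t n = write(fd, body, strlen(body));
    close(fd);
    return n == (ssize_t)strlen(body) ? 0 : -1;
}

/* Two stat results name the same inode when device and inode number match. */
static int same_inode(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

/* Runs the three steps from the thread.
 * by_name_same: 1 if step 3 done by filename still reached the suid script.
 * by_fd_same:   1 if step 3 done through the step-1 descriptor reached it.
 * Returns 0 on success, -1 on a setup error. */
int run_race_demo(int *by_name_same, int *by_fd_same)
{
    char dir[] = "/tmp/suidrace.XXXXXX";   /* assumed writable scratch location */
    if (mkdtemp(dir) == NULL) return -1;

    char trusted[256], evil[256], link[256];
    snprintf(trusted, sizeof trusted, "%s/trusted", dir);
    snprintf(evil, sizeof evil, "%s/evil", dir);
    snprintf(link, sizeof link, "%s/link", dir);

    /* Constructed samples: the admin's suid script and the attacker's script. */
    if (write_file(trusted, "#!/bin/sh\necho trusted\n") < 0) return -1;
    if (write_file(evil, "#!/bin/sh\necho owned\n") < 0) return -1;
    /* The attacker's symlink; execing "link" follows it to "trusted". */
    if (symlink(trusted, link) < 0) return -1;

    /* Step 1: the kernel opens the name, follows the link, finds "trusted" suid. */
    int kfd = open(link, O_RDONLY);
    if (kfd < 0) return -1;
    struct stat st_kernel;
    if (fstat(kfd, &st_kernel) < 0) return -1;

    /* Between step 1 and step 3 the attacker repoints the symlink. */
    if (unlink(link) < 0 || symlink(evil, link) < 0) return -1;

    /* Step 3, vulnerable: the shell (now running with the suid uid) is passed
     * the filename and opens it again, following the repointed link. */
    int sfd = open(link, O_RDONLY);
    if (sfd < 0) return -1;
    struct stat st_shell;
    if (fstat(sfd, &st_shell) < 0) return -1;
    *by_name_same = same_inode(&st_kernel, &st_shell);

    /* Step 3, fixed: the interpreter is handed the kernel's open descriptor
     * (typically as /dev/fd/N) and reads from that; a descriptor is bound to
     * the inode, so the rename of the link does not move it. */
    struct stat st_again;
    if (fstat(kfd, &st_again) < 0) return -1;
    *by_fd_same = same_inode(&st_kernel, &st_again);

    close(sfd);
    close(kfd);
    unlink(link);
    unlink(evil);
    unlink(trusted);
    rmdir(dir);
    return 0;
}

int main(void)
{
    int by_name = -1, by_fd = -1;
    if (run_race_demo(&by_name, &by_fd) < 0) {
        perror("setup");
        return 1;
    }
    printf("reopen by name reached the suid script: %s\n",
           by_name ? "yes" : "no (attacker's file)");
    printf("kernel's descriptor still the suid script: %s\n",
           by_fd ? "yes" : "no");
    return 0;
}
```

The simulation runs both sides in one process so it is deterministic; on a real system the attacker would race the window between the kernel's open and the shell's reopen. The environment-variable problem mentioned at the end of the post is separate and not covered by the descriptor trick.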

