
Re: suid script



Hello,

> > Because shell scripts are supposedly very often full of security holes when
> > suid.
...
> the executable (bash, whatever) opens the file
> it closes it
> it changes uid/gid to reflect suid status -> so it becomes root or whatever
> it reopens it
> and executes it

The way I remember it is:

1) kernel opens the file, finds it suid
2) kernel executes the shell with that uid
3) shell opens the same filename

If some fast file-moving is done between (1) and (3), one can substitute
something else for the suid script.

Don't forget the user can copy / link a suid script into his home directory.

> I heard that some Unix systems (Solaris i think but not sure) provide a way to
> overcome this by feeding the script to the executable through /dev/3 or
> something like it (like a new STDIN)

Presumably the kernel hands the open file to the shell, rather than the
filename - which agrees with what you are saying (file handle 3).


The other way is to use sudo which grants access based on the filename rather
than on the inode information. Since the filename is what the shell is given,
you get agreement between the two.


HTH

Jiri <jiri@baum.com.au>

