[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: su : must be run from a terminal

Gilbert, Joseph wrote:
There are two other standard ways to have scripts run with root privileges.

1) For automated tasks, schedule it in root's crontab.  'man crontab' for
more info

2) Use setuid for scripts or programs that are to be run by users who need
root perms to perform a specific task programmed into that script.  You need
to think about security on this one though.  See 'man setuid' and 'man
chmod' for more info.

setuid has long been disabled for scripts, because an attacker could do something like this:

    ln setuid-script foo; (./foo &); ln -f evil-script foo

If the timing was just right the kernel would read the setuid bit, owner and script interpreter from setuid-script but the interpreter would read evil-script. This problem could be avoided if the kernel would pass the script to the interpreter using a file descriptor instead of an argument, but that's not backward-compatible.

What one can do is to write a specific wrapper for the script in some language that can be compiled to executable code, and make that setuid. It's possible to write a generic wrapper in C and use preprocessor macros to substitute the name of the specific script when compiling it. The script and its directory should be appropriately protected so that only the owner can modify or replace it.


Reply to: