Re: SUID shell scripts, questions?

David A. Wagner (dawagner@phoenix.Princeton.EDU)
Fri, 10 Feb 1995 21:07:54 -0500 (EST)

> 
> SUID shell scripts are traditionally insecure in unix environments. [...]
> Also from my understanding, at least one Unix has solved this problem
> by making a /dev/fd filesystem, [...]
> 

Using the /dev/fd fs would remove the race condition, but the race
isn't the only problem with setuid shell scripts.

Unless the shell script writer is *very* careful (is it possible to
be careful enough?), one can play around with PATH or IFS.  If the
script calls any non-statically linked executables, I think one can
play around with LD_* variables on Suns.

Finally, I believe any setuid shell script written for csh is
irreparably broken: try

TERM='`/bin/echo + + >/.rhosts`' csh-script

There might be still more problems with setuid shell scripts which
I've forgotten; hopefully someone more knowledgeable than I will
point them out...

-------------------------------------------------------------------------------
David Wagner                                             dawagner@princeton.edu
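
Added example, not part of the original message: a C sketch of the environment scrubbing a setuid wrapper would do before running a script, so that the caller's PATH, IFS, LD_* and an unvalidated TERM never reach it. The script path, the PATH value and the TERM character set are assumptions chosen for illustration, and this addresses only the environment issues named above.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Accept a TERM value only if it is a short, plain terminal name. */
static int safe_term(const char *v) {
    size_t n = strlen(v);
    if (n == 0 || n > 32) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)v[i]) && !strchr("._+-", v[i])) return 0;
    return 1;
}

/* Build an allowlisted environment in out[] (needs room for 4 pointers).
 * Nothing from the caller survives except a validated TERM, so PATH and
 * IFS are replaced and every LD_* variable is dropped.
 * Returns the number of entries written before the NULL terminator. */
size_t build_clean_env(char *const envp[], char *out[],
                       char *termbuf, size_t termcap) {
    size_t n = 0;
    out[n++] = "PATH=/bin:/usr/bin";   /* assumed trusted directories */
    out[n++] = "IFS= \t\n";            /* default field separators */
    for (size_t i = 0; envp && envp[i]; i++) {
        if (strncmp(envp[i], "TERM=", 5) == 0 && safe_term(envp[i] + 5)) {
            snprintf(termbuf, termcap, "%s", envp[i]);
            out[n++] = termbuf;
            break;
        }
    }
    out[n] = NULL;
    return n;
}

int main(int argc, char *argv[], char *envp[]) {
    char *clean[4], termbuf[40];
    /* Hypothetical script path; a real wrapper hard-codes its own. */
    char *const args[] = { "/usr/local/libexec/example-script", NULL };
    (void)argc; (void)argv;
    build_clean_env(envp, clean, termbuf, sizeof termbuf);
    execve(args[0], args, clean);
    perror("execve");
    return 127;
}
```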