Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.bhp.com.au!mel.dit.csiro.au!munnari.OZ.AU!news.hawaii.edu!ames!usenet.kornet.nm.kr!xpat.postech.ac.kr!news.kreonet.re.kr!usenet.seri.re.kr!news.cais.net!ringer.cs.utsa.edu!swrinde!gatech!usenet.eel.ufl.edu!col.hp.com!sdd.hp.com!hamblin.math.byu.edu!park.uvsc.edu!usenet
From: Terry Lambert <terry@lambert.org>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: execve() ignores shell script setuid bit
Date: 20 Jan 1996 21:59:12 GMT
Organization: Utah Valley State College, Orem, Utah
Lines: 31
Message-ID: <4drojg$oj@park.uvsc.edu>
References: <30FEC809.167EB0E7@lasorda.princeton.edu>
NNTP-Posting-Host: 198.17.250.210

Luoqi Chen <luoqi@lasorda.princeton.edu> wrote:
]
] I installed FreeBSD on my PC just a couple of weeks ago. Today I noticed
] that setuid shell script doesn't run with effective uid set. I checked
] with kern_exec.c, it seemed to me that execve() uses the attributes
] of the interpreter rather than those of the script, to check for the
] setuid and setgid bits. Is this a bug or a feature (or simply I misread
] the source code)? I am using FreeBSD 2.1 release.

This is a security feature.

You will need to write a C program if you wish to explicitly compromise
the security of your machine, and have it system(3) the shell script.

Typically, you will want to hide the shell script via permissions on
the script and the directory it is located in if you want to give
ordinary users access to the calling program.

Obviously, this still leaves a number of possible holes which a hacker
could drive his truck through -- you'd be better off rewriting the whole
thing as a C program... assuming you really need SUID in the first
place, and can't solve the problem some other way.

Terry Lambert
terry@cs.weber.edu
---
Any opinions in this posting are my own and not those of my present
or previous employers.