Return to BSD News archive
Newsgroups: comp.unix.bsd Path: sserve!manuel.anu.edu.au!munnari.oz.au!spool.mu.edu!uwm.edu!cs.utexas.edu!convex!grefen From: grefen@convex.com (Stefan Grefen) Subject: Re: [386bsd] Fix for kern_execve to allow suid/sgid shellscipts Message-ID: <1992Dec07.082342.10224@convex.com> Sender: usenet@convex.com (news access account) Nntp-Posting-Host: connie.de.convex.com Reply-To: grefen@convex.com Organization: CONVEX Computer Corporation References: <4165@wzv.win.tue.nl> <veit.723491073@du9ds3> <19694@ksr.com> <4171@wzv.win.tue.nl> Date: Mon, 07 Dec 1992 08:23:42 GMT X-Disclaimer: This message was written by a user at CONVEX Computer Corp. The opinions expressed are those of the user and not necessarily those of CONVEX. Lines: 29 In article <4171@wzv.win.tue.nl>, guido@gvr.win.tue.nl (Guido van Rooij) writes: |> jfw@ksr.com (John F. Woods) writes: |> |> #>veit@du9ds3 (Holger Veit) writes: |> #>>In <4165@wzv.win.tue.nl> guido@gvr.win.tue.nl (Guido van Rooij) writes: .... |> #>>the possible security leak that is opened by a badly-written suid |> #>>shellscript. Is this something we could really want? |> #>Set-uid scripts are often extremely handy. Perhaps this could be made an |> #>option which could be enabled and disabled by a script that would also install |> #>a script which takes advantage of the hole and informs you of this fact to |> #>remind you of the dangers ;-). |> # |> They are handy, that's why I wrote that piece of code. However due to the |> fact that the name of the shell script is passed to the shell, you |> can quickly link it to another file and gain root privs. However, this |> is only possible if the you could run the suid/guid shellscript in the first |> place. So if you add this code to the kernel, make sure thatb when you |> make a suid/guid shell script, you use it only for yourself and |> mask away all group/world permissions. NEVER use it for general purpose |> /usr/bin applications. |> |> -Guido There was a programm for save suid/guid scripts in comp.sources.unix 2-4 years ago. I think it could be changed to run even if the kernel don't support uid scripts. This would be a save way to handle this demand for suid scripts. MfG Stefan