*BSD News Article 8828


Path: sserve!manuel.anu.edu.au!munnari.oz.au!network.ucsd.edu!dog.ee.lbl.gov!overload.lbl.gov!agate!spool.mu.edu!olivea!uunet!mcsun!sun4nl!tuegate.tue.nl!svin09!wzv!gvr.win.tue.nl!guido
From: guido@gvr.win.tue.nl (Guido van Rooij)
Newsgroups: comp.unix.bsd
Subject: Re: [386bsd] Fix for kern_execve to allow suid/sgid shellscipts
Message-ID: <4171@wzv.win.tue.nl>
Date: 6 Dec 92 18:09:25 GMT
References: <4165@wzv.win.tue.nl> <veit.723491073@du9ds3> <19694@ksr.com>
Sender: news@wzv.win.tue.nl
Lines: 29

jfw@ksr.com (John F. Woods) writes:

#>veit@du9ds3 (Holger Veit) writes:
#>>In <4165@wzv.win.tue.nl> guido@gvr.win.tue.nl (Guido van Rooij) writes:
#>>>I noticed that suid/sgid shellscripts don't work with the current
#>>>kern_execve.c. I made a quick hack to do so.
#>>>Whenever a shellscript is found, the shell inherits the uid/gid
#>>>(if one of the sbits was set of course). It's a quick hack
#>>>as I said, but it works (so it seems ;-))
#>>>Comments are welcome.
#>>No criticism of your code, but: there have been endless discussions about
#>>the possible security leak that is opened by a badly-written suid 
#>>shellscript. Is this something we could really want?
#
#>Set-uid scripts are often extremely handy.  Perhaps this could be made an
#>option which could be enabled and disabled by a script that would also install
#>a script which takes advantage of the hole and informs you of this fact to
#>remind you of the dangers ;-).
#
They are handy, that's why I wrote that piece of code. However, due to the
fact that the name of the shell script is passed to the shell, you
can quickly link it to another file and gain root privs. However, this
is only possible if you could run the suid/guid shellscript in the first
place. So if you add this code to the kernel, make sure that when you
make a suid/guid shell script, you use it only for yourself and
mask away all group/world permissions. NEVER use it for general purpose
/usr/bin applications.

-Guido
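
An audit for the condition this post warns about, added here as an example and not part of the original thread: it walks a directory tree and reports set-uid/set-gid files that begin with `#!`, separating those that still carry group or world permission bits from those restricted to the owner. The names `classify` and `audit` are hypothetical.

```python
import os
import stat
import sys

SBITS = stat.S_ISUID | stat.S_ISGID
GROUP_WORLD = stat.S_IRWXG | stat.S_IRWXO


def classify(mode, head):
    """Classify one file from its st_mode and its first bytes.

    Returns None for anything that is not a set-uid/set-gid script,
    "exposed" if any group/world permission bit is set, and
    "owner-only" if access is masked down to the owner.
    """
    if not stat.S_ISREG(mode) or not mode & SBITS:
        return None
    if not head.startswith(b"#!"):
        return None  # binary or plain data, not an interpreter script
    return "exposed" if mode & GROUP_WORLD else "owner-only"


def audit(root):
    """Walk root and return sorted (path, verdict, mode string) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: judge links themselves, not targets
                if not stat.S_ISREG(st.st_mode) or not st.st_mode & SBITS:
                    continue  # only open files that carry an s-bit
                with open(path, "rb") as fh:
                    head = fh.read(2)
            except OSError:
                continue  # vanished or unreadable: cannot be classified here
            verdict = classify(st.st_mode, head)
            if verdict:
                findings.append((path, verdict, stat.filemode(st.st_mode)))
    return sorted(findings)


if __name__ == "__main__":
    for path, verdict, perms in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict:10} {perms} {path}")
```

Run it as a user who can read the scripts being checked; files it cannot open are skipped rather than reported.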