setuid shell scripts
Larry Wall
lwall at jpl-devvax.JPL.NASA.GOV
Fri Nov 18 19:15:32 AEST 1988
In article <862 at cantuar.UUCP> greg at cantuar.UUCP (G. Ewing) writes:
: An interpreter for some programming language could be written
: that was careful to check the mode and owner of any file that it
: was about to execute, and if it was setu(g)id, refuse to continue
: if its owner(group) didn't match the process's effective u(g)id.
:
: Correct me if I'm wrong, but as things stand, this ought to be
: safe, oughtn't it?
Nope, sorry. Still definitely unsafe.
If there was any way to do it, I'd have done it with perl. I gave up and
disabled #! in my kernel, and now perl emulates set-id when necessary.
(Quite a trick disabling set-id #! in a binary only system! I managed
it on a Vax by changing a branch, but the Sun's another story. I'm trying
to wheedle the patch out of Sun but they're still thinking about it.
At least I hope they're still thinking about it...)
Not until a particular feature is hacked into the kernel will set-id #!
be secure again. It may also be necessary to modify interpreters, though
there are ways to avoid that if they work it right.
Larry Wall
lwall at jpl-devvax.jpl.nasa.gov
More information about the Comp.unix.wizards
mailing list