[TUHS] Set-uid shell scripts
Norman Wilson
norman at oclsc.org
Mon Aug 5 07:18:45 AEST 2019
Noel Chiappa:
I wonder why it passed the link name, instead of the actual filename of the
target (script)? Perhaps to allow one script to have multiple functions,
depending on the name it was called with?
====
In fact the latter is still used here and there in standard
system distributions.
But from a security viewpoint it doesn't matter. For
ln -s /bin/scriptname ./-i
substitute
execl("/bin/scriptname", "-i", (char *)0);
If you can execute a program, you can fake its arguments,
including argv[0]. There is no defence.
Norman Wilson
Toronto ON
More information about the TUHS
mailing list