[TUHS] Set-uid shell scripts

Norman Wilson norman at oclsc.org
Mon Aug 5 07:18:45 AEST 2019


Noel Chiappa:

  I wonder why it passed the link name, instead of the actual filename of the
  target (script)? Perhaps to allow one script to have multiple functions,
  depending on the name it was called with?

====

In fact the latter is still used here and there in standard
system distributions.

But from a security viewpoint it doesn't matter.  For

	ln -s /bin/scriptname ./-i

substitute

	execl("/bin/scriptname", "-i", (char *)0);

If you can execute a program, you can fake its arguments,
including argv[0].  There is no defence.

Norman Wilson
Toronto ON


More information about the TUHS mailing list