Bugtraq mailing list archives
Re: SUID shell scripts, questions?
From: dawagner () phoenix Princeton EDU (David A. Wagner)
Date: Fri, 10 Feb 1995 21:07:54 -0500 (EST)
SUID shell scripts are traditionally insecure in unix environments. [...] Also from my understanding, at least one Unix has solved this problem by making a /dev/fd filesystem, [...]
Using the /dev/fd fs would remove the race condition, but the race isn't the only problem with setuid shell scripts. Unless the shell script writer is *very* careful (is it possible to be careful enough?), one can play around with PATH or IFS. If the script calls any non-statically linked executables, I think one can play around with LD_* variables on Suns. Finally, I believe any setuid shell script written for csh is irreparably broken: try TERM='`/bin/echo + + >/.rhosts`' csh-script There might be still more problems with setuid shell scripts which I've forgotten; hopefully someone more knowledgeable than I will point them out... ------------------------------------------------------------------------------- David Wagner dawagner () princeton edu
Current thread:
- Re: SUID shell scripts, questions?, (continued)
- Re: SUID shell scripts, questions? Greg Woods (Feb 10)
- Re: SUID shell scripts, questions? Carson Gaspar (Feb 11)
- Re: SUID shell scripts, questions? Fred Blonder (Feb 13)
- IFS Dave Williss (Feb 13)
- Re: SUID shell scripts, questions? Greg Woods (Feb 10)
- Re: SUID shell scripts, questions? David A. Wagner (Feb 10)
- Re: SUID shell scripts, questions? Peter Wemm (Feb 11)
- Returned mail: Cannot send message for 2 days Mail Delivery Subsystem (Feb 11)
- Re: SUID shell scripts, questions? Casper Dik (Feb 11)
- Solaris 2.3-2.4 Audit Bug Dow Summers (Feb 11)
- Re: Solaris 2.3-2.4 Audit Bug Christopher Klaus (Feb 12)
- Re: SUID shell scripts, questions? Peter Wemm (Feb 11)