Bugtraq mailing list archives

Re: SUID shell scripts, questions?


From: Quentin.Fennessy () SEMATECH Org (Quentin Fennessy)
Date: Fri, 10 Feb 1995 21:27:27 -0600


Adam, you wrote:
      setuid scripts are insecure because the interpreter (the
shell) is not designed to be secure.  Trying to patch it to make it
secure is the wrong answer.  The right answer is to build little
setuid tools that do exactly and only what you need, such as the
port20 tool mentioned in Cheswick & Bellovin.

Adam- I wonder if you would expand on this.  I thought the basic 
problem with the idea of suid #!/bin/interpreter scripts is the
race condition just described.   What other basic problems exist
with suid #! scripts that are unique to these scripts?

My counter to your statement:  Once the race condition is fixed
then secure suid shell programming is no more a problem than is
writing secure suid programs in C or perl or any other language.
The issues that arise seem to come from not understanding the 
environment - things like IFS or the LD* variables or relative
paths, etc.

Quentin
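
An added illustration of the environment point raised in the message above (IFS, the LD* variables, relative paths), not code from the thread: a C helper that a small setuid tool could use to build an allow-listed environment before it runs anything. The names scrub_env, KEEP and FIXED, and the allow-list itself, are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed policy for this example: variables the helper may inherit. */
static const char *const KEEP[] = { "TERM", "LANG", "TZ", NULL };
/* Values the helper sets itself instead of trusting the caller. */
static const char *const FIXED[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };

/* Return 1 if entry is "NAME=value" with NAME exactly on the allow-list. */
static int keep_entry(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0;                      /* malformed entry: drop it */
    size_t n = (size_t)(eq - entry);
    for (size_t i = 0; KEEP[i] != NULL; i++)
        if (strlen(KEEP[i]) == n && strncmp(entry, KEEP[i], n) == 0)
            return 1;
    return 0;                          /* LD_*, caller PATH, IFS, etc. */
}

/* Fill out[] (cap slots, terminator included) with a clean environment.
 * Returns the number of entries, or -1 if out[] is too small. */
int scrub_env(char *const in[], const char *out[], size_t cap)
{
    size_t k = 0;
    for (size_t i = 0; FIXED[i] != NULL; i++) {
        if (k + 1 >= cap) return -1;
        out[k++] = FIXED[i];
    }
    for (size_t i = 0; in != NULL && in[i] != NULL; i++) {
        if (!keep_entry(in[i])) continue;
        if (k + 1 >= cap) return -1;
        out[k++] = in[i];
    }
    out[k] = NULL;
    return (int)k;
}

int main(void)
{
    /* Constructed caller environment, for illustration only. */
    char *in[] = { "IFS=/", "LD_PRELOAD=/tmp/x.so", "PATH=.:/tmp",
                   "TERM=vt100", NULL };
    const char *out[8];
    if (scrub_env(in, out, 8) < 0) return 1;
    for (size_t i = 0; out[i] != NULL; i++) puts(out[i]);
    return 0;
}
```

The resulting array is suitable as the envp argument to execve() with an absolute program path, so nothing is resolved through a caller-controlled PATH.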


