
Re: suid scripts



* Francis A. Holop <fred@kripel.unitra.sk> [001106 10:49]:
> hello list,

Thinking of which, how did you send this email? Mutt's usual L reply
mode is not working for this email, because the header is To: yourself,
rather than To: misc@openbsd.org. Hmm. How very odd. :)

As for wondering about suid shell scripts, you should. :) Many Unix-like
OSs cannot handle them securely -- any kernel that checks the
permissions on the file to be interpreted, then fires up the interpreter
on the file, is vulnerable to a race condition -- someone could swap the
interpreted file out from underneath the kernel while it is starting the
interpreter. Some OSs deal with this via a /dev/fd/ directory,
containing file descriptors -- using file descriptors is adequate to fix
the problem. Other OSs deal with this by making setuid scripts not
setuid. Linux takes this approach, though the suidperl interpreter can
get around it somehow. <shrug>.

I don't know how OpenBSD handles this situation, so I figured I would
try to find out. I wrote a very small C program that I figured should be
equivalent to your shell script. (NOTE TO EVERYONE: I am very
inexperienced with C, so using this program as 'good advice' is most
likely going to cause your computer to catch fire.)

Based on what I have found with this program, it looks like OpenBSD does
not allow setuid shell scripts -- which is probably the Right Thing To
Do.

If anyone wants to correct me (my grammar, my C, my conclusions :)
*please do*. I want to get better at systems programming in C. :)

To compare our experiences:
$ cat ./suid.c
#include <unistd.h>

int main(int argc, char *argv[]) {
        execl("/usr/bin/id","id",(void*)0);
        return(0);
}
$ cc suid.c -o suid -Wall -O2 
$ sudo chown root.wheel ./suid 
$ sudo chmod +s ./suid         
$ ./suid                       
uid=1000(sarnold) euid=0(root) gid=1000(sarnold) egid=0(wheel) groups=1000(sarnold), 0(wheel)


> kripel> cat suid
> id
> kripel> sudo chmod +s ./suid
> kripel> ls -la ./suid
> -rwsr-sr-x  1 root  wheel  21 Nov  4 23:17 ./suid
> kripel> ./suid
> uid=1001(fred) gid=10(users) groups=10(users), 0(wheel)

-- 
``Oh Lord; Ooh you are so big; So absolutely huge; Gosh we're all really
impressed down here, I can tell you.''
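
The message above says that using file descriptors is adequate to fix the check-then-interpret race. The following is an added example, not part of the original message and not any kernel's code: a user-space C sketch showing that a check made with fstat() on an open descriptor stays bound to the checked file even when the path is replaced afterwards. The function names, the /tmp file names and the file contents are constructed for illustration.

```c
/* Added example: check the opened object, not the path name. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open once, then make every decision on the descriptor (hypothetical helper). */
int open_checked(const char *path, struct stat *st) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (fstat(fd, st) != 0 || !S_ISREG(st->st_mode)) { close(fd); return -1; }
    return fd;
}

/* Name to hand to an interpreter in place of the original path. */
int fd_name(int fd, char *buf, size_t len) {
    int n = snprintf(buf, len, "/dev/fd/%d", fd);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

/* Create a new file with the given contents; fails if the name exists. */
static int put(const char *path, const char *text) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Constructed scenario: the path is replaced after the check. Returns 1 if the
   descriptor still refers to the checked file, 0 if not, -1 on setup failure. */
int swap_after_check(void) {
    char a[64], b[64], buf[16] = {0};
    struct stat checked, held, named;
    snprintf(a, sizeof a, "/tmp/fdchk-%ld-a", (long)getpid());
    snprintf(b, sizeof b, "/tmp/fdchk-%ld-b", (long)getpid());
    if (put(a, "checked\n") || put(b, "swapped\n")) return -1;
    int fd = open_checked(a, &checked);
    if (fd < 0 || rename(b, a) != 0) return -1;   /* swap happens after the check */
    if (fstat(fd, &held) || stat(a, &named) || read(fd, buf, sizeof buf - 1) < 0) return -1;
    close(fd);
    unlink(a);
    return held.st_ino == checked.st_ino && named.st_ino != checked.st_ino
           && strcmp(buf, "checked\n") == 0;
}

int main(void) { return swap_after_check() == 1 ? 0 : 1; }
```

A second lookup by name (the stat() call) sees the replacement file, which is exactly what a kernel that checks the path and then lets the interpreter reopen it would run.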