Re: suid scripts
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: suid scripts
- From: Jim Breton <jamesb-openbsd_(_at_)_alongtheway_(_dot_)_com>
- Date: Mon, 6 Nov 2000 20:08:49 +0000
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
On Mon, Nov 06, 2000 at 11:15:09AM -0800, Seth Arnold wrote:
> interpreter. Some OSs deal with this via a /dev/fd/ directory,
> containing file descriptors -- using file descriptors is adequate to fix
> the problem. Other OSs deal with this by making setuid scripts not
> setuid. Linux takes this approach, though the suidperl interpreter can
> get around it somehow. <shrug>.

Linux apparently uses both of these mechanisms... disabling suid/sgid on
interpreted scripts as well as /dev/fd/* pointing to the open file
descriptors of the current process (they point into /proc/self/).

As for suidperl, the binary itself is suid so in such a case you can
pretty much execute anything as root (provided it passes suidperl's own
checks (which I choose not to trust, YMMV)) since by the time the script
is interpreted, you are already running with EUID=0.

Disclaimer: any of the above may be wrong, this is just my view of my
own observations. :)
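
Added example (not part of the original message, and not kernel or suidperl code): a C illustration of why handing the interpreter a /dev/fd/N name is adequate, namely that a descriptor stays bound to the file that was checked even if the path later names another file. The helper names and the temporary file paths are hypothetical and constructed for the demo.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open the script once, validate it through the
 * descriptor, and build the /dev/fd/N name to hand to an interpreter.
 * Returns the open fd, or -1 if it is not a regular "#!" file. */
int open_checked_script(const char *path, char *devfd, size_t len, struct stat *st)
{
    char magic[2];
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    /* fstat/pread act on the opened file, not on what the path names now */
    if (fstat(fd, st) != 0 || !S_ISREG(st->st_mode) ||
        pread(fd, magic, 2, 0) != 2 || memcmp(magic, "#!", 2) != 0) {
        close(fd);
        return -1;
    }
    snprintf(devfd, len, "/dev/fd/%d", fd);
    return fd;
}

/* 1 if the mode checked on the descriptor carries setuid or setgid */
int is_suid_or_sgid(const struct stat *st)
{
    return (st->st_mode & (S_ISUID | S_ISGID)) != 0;
}

/* Constructed demo: two temp scripts; after the first is opened and checked,
 * the second is renamed over its path. Returns 1 when the descriptor still
 * names the checked inode while the path names a different one. */
int demo(void)
{
    char a[] = "/tmp/suidchk-XXXXXX", b[] = "/tmp/suidchk-XXXXXX", devfd[32];
    struct stat checked, now, bypath;
    int fa = mkstemp(a), fb = mkstemp(b), fd, ok;
    if (fa < 0 || fb < 0) return 0;
    ok = write(fa, "#!/bin/sh\n", 10) == 10 && write(fb, "#!/bin/sh\n", 10) == 10;
    fd = open_checked_script(a, devfd, sizeof devfd, &checked);
    ok = ok && fd >= 0 && rename(b, a) == 0 && fstat(fd, &now) == 0 &&
         now.st_ino == checked.st_ino && stat(a, &bypath) == 0 && bypath.st_ino != checked.st_ino;
    close(fa); close(fb); if (fd >= 0) close(fd); unlink(a); unlink(b);
    return ok;
}
int main(void) { return demo() ? 0 : 1; }
```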