Bugtraq mailing list archives
Re: setuid scripts in SunOS 4.1.x
From: pod () morgan com (Paul O'Donnell)
Date: Tue, 27 Sep 1994 11:26:05 -0400
Fred Blonder reckons:
Ummm, then how's it going to cope with set-uid perl scripts, which ARE rumored to be secure? You could have a table of 'ok shell interpreters' in the kernel, but that would be extremely ugly. Since the problem is in /bin/sh, that is where it should be solved, or at least avoided. If you across-the-board disable all set-uid shell interpreters, that will infuriate the few who do it right, and remove
Bzzzt, thank you for playing. Some of the problems are in /bin/sh. The most disturbing problem is a race condition in the kernel between the permissions check (which assigns the effective uid) and the opening of the file by the interpreter. This race condition can be exploited to subvert security. Perl requires a C wrapper to run setuid; the wrapper is not subject to the race condition.
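The race described in the message above is a decision made about a path followed by a separate open of that same path. As an added illustration (not part of the original post and not SunOS code), the C below shows in a constructed temporary directory that the file opened can differ from the file checked, and that inspecting the already-open descriptor with fstat() removes the gap. All function names and the /tmp layout are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open first, then inspect the descriptor: fstat() describes the object
 * that will actually be read, whatever the path names afterwards. */
int open_then_check(const char *path, struct stat *st)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, st) != 0 || !S_ISREG(st->st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Two stat results name the same file only if device and inode both match. */
int same_file(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

/* Constructed scenario: returns 1 if a check made by path no longer
 * describes the file that a later open of the same path yields. */
int path_check_went_stale(void)
{
    char dir[] = "/tmp/toctou-XXXXXX";
    char a[64], b[64];
    struct stat checked, opened;
    int fd, stale;

    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/script", dir);
    snprintf(b, sizeof b, "%s/other", dir);
    close(open(a, O_CREAT | O_WRONLY, 0700));
    close(open(b, O_CREAT | O_WRONLY, 0700));

    if (stat(a, &checked) != 0) return -1;   /* check made on the path   */
    if (rename(b, a) != 0) return -1;        /* path now names "other"   */
    fd = open_then_check(a, &opened);        /* later open, same path    */
    if (fd < 0) return -1;
    stale = !same_file(&checked, &opened);   /* 1: checked != opened     */
    close(fd);
    unlink(a);
    rmdir(dir);
    return stale;
}
```

Any privilege decision taken from the `struct stat` filled in by `open_then_check()` applies to the descriptor that is then read, so a later change to what the path names cannot affect it.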