Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: setuid scripts in SunOS 4.1.x

From: pod () morgan com (Paul O'Donnell)
Date: Tue, 27 Sep 1994 11:26:05 -0400

Fred Blonder reckons:

Ummm, then how's it going to cope with set-uid perl scripts, which ARE
rumored to be secure?  You could have a table of 'ok shell
interpreters' in the kernel, but that would be extremely ugly.

Since the problem is in /bin/sh, that is where it should be solved, or
at least avoided.  If you across-the-board disable all set-uid shell
interpreters, that will infuriate the few who do it right, and remove


Bzzzt, thank you for playing.  Some of the problems are in /bin/sh.
The most disturbing problem is a race condition in the kernel
between the permissions check (which assigns the effective uid) and
the opening of the file by the interpreter.  This race condition
can be exploited to subvert secrity.

Perl requires a C wrapper to run setuid, the wrapper is not subject
to the race condition.
Previous By Date Next
Previous By Thread Next

Current thread: