Bugtraq mailing list archives

Re: SUID shell scripts, questions?

From: woods () ncar ucar edu (Greg Woods)
Date: Fri, 10 Feb 95 17:23:11 MST

Since starting the shell can take
a finite amount of time, there's a race condition where you can substitute
in a different file for the one that originally spawned the shell.


Or you can just create a symlink to a setuid script called "-i". Guess
what happens when the system executes "sh -i"? Don't even need the
race condition. And even without this, you could always overwrite the
SAME file with something new, so the fd doesn't change.

--Greg

Current thread:

SUID shell scripts, questions? That Whispering Wolf... (Feb 10)
- Re: SUID shell scripts, questions? Adam Shostack (Feb 10)
- Re: SUID shell scripts, questions? Greg Woods (Feb 10)
  - Re: SUID shell scripts, questions? Carson Gaspar (Feb 11)
  - Re: SUID shell scripts, questions? Fred Blonder (Feb 13)
  - IFS Dave Williss (Feb 13)
    - Re: IFS Karl Strickland (Feb 13)
    - Re: IFS Jas (Feb 13)
    - Re: IFS Paul Robinson (Feb 14)
    - Re: IFS David Barr (Feb 15)
    - Re: IFS Julian Assange (Feb 15)
    - Re: IFS Nate Sammons - CVL System Admin (Feb 15)
- Re: SUID shell scripts, questions? David A. Wagner (Feb 10)

(Thread continues...)