[Linux] suid scripts
Danny Rathjens
dkr@hq.mycity.com
Mon, 02 Oct 2000 20:17:46 +0000
I think you are correct. According to the Linux security howto
http://www.cpmc.columbia.edu/misc/docs/linux/security-howto.html

SUID Shell Scripts
SUID shell scripts are a serious security risk, and for this
reason the kernel will not honor them. Regardless of how secure
you think the shell script is, it can be exploited to give the
cracker a root shell.

Kendrick Vargas wrote:
>
> On Mon, 2 Oct 2000, Danny Rathjens wrote:
>
> > Am I going senile? Any idea why this doesn't work?
> > (I did RH7-custom-upgrade a week ago)
> >
> > % ls -al suidtst
> > -rwsr-xr-x 1 502 666 13 Oct 2 15:38 suidtst*
> > % cat suidtst
> > #!/bin/sh
> > id -u
> > % id -u
> > 501
> > % ./suidtst
> > 501
> > %
>
> I vaguely remember that a number of OS's (I know IRIX is one of
> them) don't allow for suid shell scripts. Maybe that's it?
> -peace
>
> --- BEGIN GEEK CODE BLOCK ------------+-----------
> GAT d- s:+ !a C+(+++) UI/L/S/B++(+++) | "In the morning glad I see
> P>+ L+(++) E---- W+++ N+ o? K? w++++ | My foe outstrech'd beneath the tree."
> O--- M-- V PS+++@ PE Y-- PGP+ t++ 5 | -The Poison Tree
> X++ R- tv+ b DI++ D+ G e>* h*(!) r- | William Blake
> y*(+) ------ END GEEK CODE BLOCK -----+
--
struct Programmer/Analyst 'Danny Rathjens' {this.place =
"MyCity.com";}
I know you believe you understood what you think I said, but I am not sure
you realize that what you heard is not what I meant.
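
An added example, not part of the original thread: a small audit helper that lists files carrying the setuid or setgid bit whose contents start with `#!`, that is, scripts like `suidtst` above where the kernel ignores the bit. The function name `list_suid_scripts` is hypothetical, and file names containing newlines are assumed not to occur.

```shell
#!/bin/sh
# list_suid_scripts DIR
# Print every regular file under DIR that has the setuid (4000) or
# setgid (2000) bit set AND begins with the "#!" interpreter marker.
# On Linux the kernel does not honor these bits for interpreted
# scripts, so each hit is a misconfiguration worth reviewing:
# either the bit is useless, or someone expected privilege they
# are not getting and may work around it unsafely.
# Usage: list_suid_scripts /usr/local/bin
list_suid_scripts() {
    dir=${1:-.}
    # -xdev keeps the scan on one filesystem; errors from unreadable
    # directories are discarded so the output is only file names.
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        # Read only the first two bytes; ELF binaries start with
        # 0x7f 'E', scripts start with '#!'.
        magic=$(dd if="$f" bs=2 count=1 2>/dev/null)
        if [ "$magic" = '#!' ]; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}
```

For each file it reports, either clear the bit with `chmod u-s,g-s` or replace the script with a reviewed mechanism for the privileged step.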