[1114] in linux-security and linux-alert archive
Re: [linux-security] Suid Programs / Help Wanted
daemon@ATHENA.MIT.EDU (Zoltan Hidvegi)
Thu Aug 29 19:29:47 1996
From: Zoltan Hidvegi <hzoli@cs.elte.hu>
To: security@shell.net-thing.net (Net-Thing Security)
Date: Thu, 29 Aug 1996 16:56:53 +0200 (MET DST)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.91.960827001611.1826A-100000@shell.net-thing.net> from Net-Thing Security at "Aug 27, 96 00:53:10 am"
> Is there anyway to tell if a logged in user has a Euid=0 shell but
> everything else is the same as his normal login. If there is how about a
> daemon that checks users and freezes the login of any euiders=0 or ones
> that get to uid=0 shell and add their ip to hosts.deny. How about a
> automatic expert security program that keeps a watch over all logins.
>
> [REW: csh-variants detect this case, print "Permission denied." and exit.
> You could add this check to your /bin/sh. You have the source.]
bash and zsh have UID, EUID, GID, EGID variables. ksh, bash and zsh set
the -p (privileged) option when EUID != UID or EGID != GID upon startup.
Ksh executes /etc/suid_profile in that case (for all invocations not for
just login shells) and does not process the ENV variable. Zsh emulates the
ksh behaviour when invoked as sh or ksh otherwise it disables sourcing of
any user starup scripts (a special suid action can be specified using a
test in /etc/zshenv). bash, ksh and zsh resets EUID and EGID to the nornal
UID/GID when the -p option is unset (e.g. by the set +p command).
In addition in zsh {E,}{U,G}ID are writable parameters and they call
set{e,}{u,g}id() upon assignment. Similarily USERNAME is a writable
wariable in zsh which gets the uid for the given user and calls setuid().
All of that true only for zsh-3.0.0. It is not recommended to use older
versions.
[REW: Fun features. So you would put something like (consider this
pseudocode: I never can remember shell syntax.... :-)
if ((EUID != UID) || (EGID != GID))
log messag saying attempt to use setuid shell
exit
endif
in some shell startupfile. (I got lost in the xsh stuff above :-)
However setuid shell scripts are disabled anyway. And if you can put
suid bits on system shells you can also put them on your own version
of xyz-sh.
Many people commented on the ability to run just about any shell as
/bin/sh. Note that you should keep a boot- and root-disk handy and
attempt a reboot before trusting it. Some bootscripts have interesting
ways of breaking on a different shell.]
Zoltan