[1118] in linux-security and linux-alert archive
Re: [linux-security] Suid Programs / Help Wanted
daemon@ATHENA.MIT.EDU (Zoltan Hidvegi)
Fri Aug 30 19:58:46 1996
From: Zoltan Hidvegi <hzoli@cs.elte.hu>
To: hzoli@cs.elte.hu (Zoltan Hidvegi)
Date: Fri, 30 Aug 1996 20:37:22 +0200 (MET DST)
Cc: security@shell.net-thing.net, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199608291456.QAA00370@labor3.cs.elte.hu> from Zoltan Hidvegi at "Aug 29, 96 04:56:53 pm"
> [REW: Fun features. So you would put something like (consider this
> pseudocode: I never can remember shell syntax.... :-)
>
>     if ((EUID != UID) || (EGID != GID))
>         log message saying attempt to use setuid shell
>         exit
>     endif

A more portable test which works with most modern shells is

    case $- in
    *p*) log something; exit;;
    esac

or instead of exiting it may use set +p to drop privileges. But it may not
prevent all attacks because when an interactive shell is interrupted while
it is processing its startup files it will give you a prompt so a quick INT
signal can give you a root prompt. Not all shells do this. AT&T ksh '93
exits when it receives an interrupt while processing init scripts and I'll
modify zsh to exit when it is in privileged interactive mode and an
untrapped INT signal arrives while it is processing a startup script.

> However setuid shell scripts are disabled anyway. And if you can put
> suid bits on system shells you can also put them on your own version
> of xyz-sh.
Suid scripts are disabled but someone may call system() or popen() from a
suid program (which is certainly a BAD thing but it sometimes happens).
> Many people commented on the ability to run just about any shell as
> /bin/sh. Note that you should keep a boot- and root-disk handy and
> attempt a reboot before trusting it. Some bootscripts have interesting
> ways of breaking on a different shell.]
I use zsh as /bin/sh on Slackware-3.0. As far as I know, Slackware boot
scripts are designed for ash so it is not very surprising that it works.
I would really like to hear about other people's experiences with zsh
installed in /bin/sh especially on RedHat and Debian systems. If you try
that, make sure you have zsh-3.0.0 (use echo $ZSH_VERSION). Report any
problems related to that to me. If it is a real problem and not just a
bash-specific feature used in init scripts I'll be glad to fix it.
Zoltan
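
Added example, not part of the original message or of any shell's own code: a startup-file guard built on the `case $- in *p*)` test above, which also ignores INT before logging and dropping privileges, since the message points out that an untrapped INT during startup processing can leave a privileged prompt. The function names, the `shell-guard` log tag and the message text are assumptions made for illustration.

```shell
# Added example, not code from the original message.

# privileged_flags FLAGS: succeeds when the option string (normally "$-")
# contains p, the flag matched by the case test in the message above.
privileged_flags() {
    case $1 in
        *p*) return 0 ;;
    esac
    return 1
}

# log_priv_startup: hypothetical helper; tag and message text are constructed.
log_priv_startup() {
    msg="privileged shell startup: uid=$(id -ru) euid=$(id -u)"
    if command -v logger >/dev/null 2>&1; then
        logger -p auth.warning -t shell-guard "$msg" 2>/dev/null || :
    fi
    printf '%s\n' "$msg" >&2
}

# startup_guard FLAGS MODE: MODE is "exit" or "drop".
# Returns 0 when the startup file may continue, 1 when the caller should exit.
startup_guard() {
    privileged_flags "$1" || return 0
    # Ignore INT before doing anything else, so an interrupt cannot cut the
    # guard short. This narrows the window described above; it cannot cover
    # an INT that arrives before this line runs.
    trap '' INT
    log_priv_startup
    if [ "$2" = drop ]; then
        set +p          # only in shells that implement privileged mode
        trap - INT      # unprivileged now: restore default INT handling
        return 0
    fi
    return 1
}

# First line of the startup file:
#   startup_guard "$-" exit || exit 1
```

The guard has to be the first thing the startup file runs; anything sourced before it still executes with the privileged flag set.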