[1128] in linux-security and linux-alert archive


Re: [linux-security] Suid Programs / Help Wanted

daemon@ATHENA.MIT.EDU (Arik Baratz)
Sun Sep 1 07:52:34 1996

Date: Sun, 1 Sep 1996 01:47:21 +0300 (GMT+0300)
From: Arik Baratz <arikb@ccarik.technion.ac.il>
Reply-To: Arik Baratz <4z9dge@4z9dge.ampr.org>
To: Zoltan Hidvegi <hzoli@cs.elte.hu>
cc: Net-Thing Security <security@shell.net-thing.net>,
        linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199608291456.QAA00370@labor3.cs.elte.hu>


   I think the discussion is rather invalid, because instead of SUIDing a
shell, the hacker can, after examining your scripts, do something like:

cat > hmm.c
main() {
   setuid(0);
   setgid(0);
   system("/bin/sh");
}
[he presses ctrl-d now]
cc -o hmm hmm.c
[now he runs the exploit script on hmm instead of a copy of /bin/sh]
./hmm
rm -rf /

This can bypass any checking you might put in your startup scripts.

My point is this: SUID shells are _NOT_ the problem. An SUID file manager
will cause as many problems. Cure the problem, not the symptoms.

--------------------------------------------- ....- --.. ----. -.. --. .
            Arik Baratz, Regularus Studentus, iNTP, 4Z9DGE
---------------------------------------------------------------------------
http://ccarik.technion.ac.il/~arikb

finger arikb@aluf.technion.ac.il for PGP key.
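
Added example, not part of the original message: since a check aimed at copies of /bin/sh misses any other setuid binary, an audit has to enumerate every setuid/setgid file and compare the result against a known-good list. The function names, the baseline format (one path per line) and the demo tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit all setuid/setgid files instead of looking for shells.

# suid_list ROOT -> sorted list of setuid/setgid regular files under ROOT.
# -xdev keeps the walk on one filesystem; run once per mounted filesystem.
suid_list() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# suid_unexpected ROOT BASELINE -> files that carry the bit now but are not
# in BASELINE (hypothetical format: one absolute path per line).
suid_unexpected() {
    _base_sorted=$(mktemp) || return 1
    LC_ALL=C sort -u "$2" > "$_base_sorted"
    suid_list "$1" | LC_ALL=C comm -23 - "$_base_sorted"
    rm -f "$_base_sorted"
}

# Constructed demo tree: one baselined setuid file, one setuid file with an
# arbitrary name (standing in for the compiled wrapper), one ordinary file.
suid_demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/home/user"
    : > "$d/bin/passwd";      chmod 4755 "$d/bin/passwd"
    : > "$d/home/user/hmm";   chmod 4755 "$d/home/user/hmm"
    : > "$d/home/user/notes"; chmod 644  "$d/home/user/notes"
    printf '%s\n' "$d/bin/passwd" > "$d/baseline.txt"
    suid_unexpected "$d" "$d/baseline.txt"
    rm -rf "$d"
}
```

The file name plays no part in the match, so a setuid program is reported whatever it is called or does. Path comparison alone does not notice a baselined file whose contents were replaced; that needs a checksum alongside each baseline entry.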
