[967] in bugtraq


Re: SUID shell scripts, questions?

daemon@ATHENA.MIT.EDU (Quentin Fennessy)
Fri Feb 10 23:22:41 1995

Date: Fri, 10 Feb 1995 21:27:27 -0600
From: Quentin Fennessy <Quentin.Fennessy@SEMATECH.Org>
To: bugtraq@fc.net
Cc: adam@bwh.harvard.edu



Adam, you wrote:
> 	setuid scripts are insecure because the interpreter (the
> shell) is not designed to be secure.  Trying to patch it to make it
> secure is the wrong answer.  The right answer is to build little
> setuid tools that do exactly and only what you need, such as the
> port20 tool mentioned in Cheswick & Bellovin.

Adam- I wonder if you would expand on this.  I thought the basic 
problem with the idea of suid #!/bin/interpreter scripts is the
race condition just described.   What other basic problems exist
with suid #! scripts that are unique to these scripts?

My counter to your statement:  Once the race condition is fixed
then secure suid shell programming is no more a problem than is
writing secure suid programs in C or perl or any other language.
The issues that arise seem to come from not understanding the 
environment - things like IFS or the LD* variables or relative
paths, etc.

Quentin
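
Added example, not part of the original message: the environment issues the message names (IFS, the LD* variables, relative paths), handled the way a small setuid C wrapper might before it executes a fixed program. The kept-variable list, the PATH value and the target path are assumptions chosen for illustration; the code does not address the #! race condition.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Variables copied through from the caller (assumed list). Everything else
   is dropped, which removes inherited IFS, LD_* and PATH settings. */
static const char *const KEEP[] = { "TERM", "TZ", "LANG" };
#define NKEEP (sizeof KEEP / sizeof KEEP[0])
#define CLEAN_MAX (NKEEP + 3)          /* PATH, IFS, kept vars, NULL */

/* Fill out[] (CLEAN_MAX slots) with a known-good environment; returns count. */
static size_t build_clean_env(char *const in[], const char *out[])
{
    size_t n = 0;
    out[n++] = "PATH=/bin:/usr/bin";   /* fixed absolute search path (assumed) */
    out[n++] = "IFS= \t\n";            /* known value for shells that import IFS */
    for (size_t k = 0; k < NKEEP; k++) {
        size_t len = strlen(KEEP[k]);
        for (size_t i = 0; in && in[i]; i++) {
            if (strncmp(in[i], KEEP[k], len) == 0 && in[i][len] == '=') {
                out[n++] = in[i];
                break;                 /* first match only; duplicates dropped */
            }
        }
    }
    out[n] = NULL;
    return n;
}

/* Conservative check: absolute path with no ".." anywhere in it. */
static int target_is_safe(const char *path)
{
    return path && path[0] == '/' && strstr(path, "..") == NULL;
}

int main(void)
{
    extern char **environ;
    static const char target[] = "/usr/bin/env";   /* hypothetical fixed target */
    const char *clean[CLEAN_MAX];
    char *const argv[] = { "env", NULL };

    if (!target_is_safe(target))
        return 1;
    build_clean_env(environ, clean);
    execve(target, argv, (char *const *)clean);
    perror("execve");
    return 1;
}
```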
