[967] in bugtraq
Re: SUID shell scripts, questions?
daemon@ATHENA.MIT.EDU (Quentin Fennessy)
Fri Feb 10 23:22:41 1995
Date: Fri, 10 Feb 1995 21:27:27 -0600
From: Quentin Fennessy <Quentin.Fennessy@SEMATECH.Org>
To: bugtraq@fc.net
Cc: adam@bwh.harvard.edu

Adam, you wrote:

> setuid scripts are insecure because the interpreter (the
> shell) is not designed to be secure. Trying to patch it to make it
> secure is the wrong answer. The right answer is to build little
> setuid tools that do exactly and only what you need, such as the
> port20 tool mentioned in Cheswick & Bellovin.

Adam- I wonder if you would expand on this. I thought the basic
problem with the idea of suid #!/bin/interpreter scripts is the
race condition just described. What other basic problems exist
with suid #! scripts that are unique to these scripts?

My counter to your statement: Once the race condition is fixed
then secure suid shell programming is no more a problem than is
writing secure suid programs in C or perl or any other language.
The issues that arise seem to come from not understanding the
environment - things like IFS or the LD* variables or relative
paths, etc.

Quentin
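
Added example, not part of the original message or of any tool it names: a small single-purpose wrapper in C that handles the environment items listed above (IFS, the LD* variables, relative paths) by passing an allowlisted environment to one fixed absolute path. The allowlist (TERM, TZ, LANG), the PATH value and the target path are assumptions chosen for illustration; the #! race condition is a separate problem and is not addressed here.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

extern char **environ;

/* Names allowed through to the child (assumed list). Everything else,
 * including IFS, LD_*, ENV and the caller's PATH, is dropped. */
static const char *const keep[] = { "TERM", "TZ", "LANG" };

static int is_kept(const char *entry)
{
    size_t n = strcspn(entry, "=");           /* length of the name part */
    if (entry[n] != '=') return 0;            /* malformed entry: drop */
    for (size_t i = 0; i < sizeof keep / sizeof keep[0]; i++)
        if (strlen(keep[i]) == n && memcmp(entry, keep[i], n) == 0)
            return 1;
    return 0;
}

/* Build a clean environment in out[] (capacity cap, counting the final
 * NULL): fixed PATH and IFS first, then the allowlisted entries of in[].
 * Returns the number of entries written, or 0 if cap is too small. */
size_t scrub_env(char *const in[], const char *out[], size_t cap)
{
    size_t k = 0;
    if (cap < 3) return 0;
    out[k++] = "PATH=/bin:/usr/bin";
    out[k++] = "IFS= \t\n";
    for (size_t i = 0; in[i] != NULL && k + 1 < cap; i++)
        if (is_kept(in[i])) out[k++] = in[i];
    out[k] = NULL;
    return k;
}

int main(void)
{
    /* Hypothetical target: absolute, so it is never resolved via PATH. */
    const char *target = "/usr/local/libexec/fixed-task";
    const char *clean[16];
    char *const argv[] = { (char *)target, NULL };
    if (scrub_env(environ, clean, 16) == 0) return 1;
    execve(target, argv, (char *const *)clean);
    perror("execve");                         /* reached only on failure */
    return 127;
}
```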