Originally, I wrote:
>Is there a way to disable setuid shell scripts under SunOS 4.1.3?
Please note that I said setuid _shell_scripts_, not just setuid
execution. This means that I want to retain setuid binaries, but
stop #! stuff (scripts).
The following people suggested I mount the partition(s) in question
nosuid. This disables all setuid stuff, and I don't want to do that:
firstname.lastname@example.org.AU (Brett Lymn)
Bo.Slaughter@eng.clemson.edu (Bo Slaughter)
Gene Rackow <email@example.com>
firstname.lastname@example.org (Robert J Wolf)
email@example.com (Markus Buchhorn)
John Valdes <firstname.lastname@example.org>
email@example.com (Ed Strong)
firstname.lastname@example.org (Gary Richardson)
>I would think that someone out there would have a kernel patch to
>disable setuid shell scripts!
Chris Keane <email@example.com>, says that I can do this
if I have source code. (I sort of figured that out).
firstname.lastname@example.org (Ron) suggests that according to chmod(2), suid
bits on a file are turned off when a non-root user writes to it.
email@example.com (Hal Stern - NE Area Systems Engineer),
says something really weird. I don't quite understand what he's
talking about -- it seems to make references to that horrible
beast called (gasp!) the c shell:
>it's not possible. you could (in theory) hack the c shell
>to look at setuid bits and file types, and not execute
>setuid scripts, but i don't think this is a default mode.
>note that the csh won't execute a setuid script unless the
>-b flag is specified in the script's #!/bin/csh -fb line.
>the idea is that if you allow setuid scripts, you can
>make sure they're well behaved. this is the local machine
Dan Stromberg - OAC-DCS <firstname.lastname@example.org>, says:
>BTW, I think most of the major holes inherent to setuid shell scripts
>have been cleaned up - the symlink thing, and the IFS thing, at least.
>About all that's left, is mistakenly invoking the wrong program -
>which can be done from perl or C - though isn't done as commonly.
>They're still not a great idea, but I don't know that they are
>inherently breakable, anymore.
I was under the impression that setuid scripts were still vulnerable
to symbolic-link -based attacks. Am I wrong?
If anyone has any further clarification, I'd appreciate hearing about
-- John Hawkinson email@example.com
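
Added example, not part of the original message or any of the quoted replies: where the kernel cannot be patched, one way to keep setuid binaries but get rid of setuid scripts is to audit for setuid/setgid files that begin with the "#!" magic and clear the bits on those files only. The function names are hypothetical, and file names containing newlines are assumed not to occur.

```shell
#!/bin/sh
# Audit helper (added example): separate setuid *scripts* from setuid binaries.

# is_script FILE: succeed if FILE begins with the two bytes "#!", the magic
# that makes the kernel pass the file to an interpreter.
is_script() {
    [ "$(dd if="$1" bs=2 count=1 2>/dev/null | tr -d '\000')" = '#!' ]
}

# list_suid_scripts DIR: print setuid or setgid regular files under DIR
# (same filesystem only) that are interpreter scripts. Binaries are skipped.
list_suid_scripts() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        if is_script "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# strip_suid_scripts DIR: clear the setuid/setgid bits on those scripts only,
# leaving setuid binaries untouched.
strip_suid_scripts() {
    list_suid_scripts "$1" |
    while IFS= read -r f; do
        chmod u-s,g-s -- "$f" && printf 'cleared: %s\n' "$f"
    done
}

# Stand-alone use: report only; call strip_suid_scripts after reviewing.
if [ "$#" -gt 0 ]; then
    list_suid_scripts "$1"
fi
```

Running the listing from cron and comparing against the previous run shows newly introduced setuid scripts without touching the nosuid mount option.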