SUMMARY: Disabling setuid shell scripts (4.1.3)

From: John Hawkinson
Date: Thu Aug 12 1993 - 11:37:01 CDT

Originally, I wrote:

>Is there a way to disable setuid shell scripts under SunOS 4.1.3?

Please note that I said setuid _shell_scripts_, not just setuid
execution. This means that I want to retain setuid binaries, but
stop #! stuff (scripts).

The following people suggested I mount the partition(s) in question
nosuid. This disables all setuid stuff, and I don't want to do that:
Brett Lymn, Bo Slaughter, Gene Rackow, Robert J Wolf, Markus Buchhorn,
John Valdes, Ed Strong, Gary Richardson.

>I would think that someone out there would have a kernel patch to
>disable setuid shell scripts!

Chris Keane says that I can do this if I have source code. (I sort of
figured that out.) Ron suggests that according to chmod(2), suid bits
on a file are turned off when a non-root user writes to it. Hal Stern
(NE Area Systems Engineer) says something really weird. I don't quite
understand what he's talking about -- it seems to make references to
that horrible beast called (gasp!) the c shell:

>it's not possible. you could (in theory) hack the c shell
>to look at setuid bits and file types, and not execute
>setuid scripts, but i don't think this is a default mode.
>note that the csh won't execute a setuid script unless the
>-b flag is specified in the script's #!/bin/csh -fb line.

>the idea is that if you allow setuid scripts, you can
>make sure they're well behaved. this is the local machine
>case only.

Dan Stromberg (OAC-DCS) says:

>BTW, I think most of the major holes inherent to setuid shell scripts
>have been cleaned up - the symlink thing, and the IFS thing, at least.
>About all that's left, is mistakenly invoking the wrong program -
>which can be done from perl or C - though isn't done as commonly.
>They're still not a great idea, but I don't know that they are
>inherently breakable, anymore.

I was under the impression that setuid scripts were still vulnerable
to symbolic-link -based attacks. Am I wrong?

If anyone has any further clarification, I'd appreciate hearing about
it. Thanks!

John Hawkinson
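Added example (not part of the original post or any reply): since the thread offers no way to make the kernel refuse setuid `#!` scripts while keeping setuid binaries, the practical first step is to find out which setuid/setgid files on a tree are interpreter scripts at all, including the `#!/bin/csh -fb` style ones Hal Stern mentions. The helper below walks a tree with `find`, keeps files with the setuid or setgid bit, and reports those whose first two bytes are `#!`. The function names, the `make_sample_tree` fixture and its file contents are constructed for this example; it only detects such scripts, it does not stop the kernel from honouring their setuid bits.

```shell
#!/bin/sh
# Audit helper (hypothetical, written for this example): list setuid/setgid
# regular files under a tree whose first two bytes are "#!", i.e. scripts
# that the kernel would run setuid through an interpreter.
find_setuid_scripts() {
    root="$1"
    # -perm -4000 / -perm -2000: file has the setuid / setgid bit set.
    # -xdev keeps the scan on one filesystem, matching a per-mount policy.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        # Read exactly the first two bytes (dd is POSIX; head -c is not).
        magic=$(dd if="$f" bs=2 count=1 2>/dev/null)
        if [ "$magic" = "#!" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Count how many setuid/setgid scripts a tree holds (0 = nothing to worry about).
count_setuid_scripts() {
    find_setuid_scripts "$1" | grep -c ''
}

# Constructed sample tree for demonstration: two setuid/setgid scripts that
# should be reported, one setuid non-script and one plain script that should not.
make_sample_tree() {
    dir=$(mktemp -d)
    printf '#!/bin/sh\necho hi\n'       > "$dir/suid_script";  chmod 4755 "$dir/suid_script"
    printf '#!/bin/csh -fb\necho hi\n'  > "$dir/sgid_csh";     chmod 2755 "$dir/sgid_csh"
    printf '\177ELFnot-a-real-binary\n' > "$dir/suid_binary";  chmod 4755 "$dir/suid_binary"
    printf '#!/bin/sh\necho plain\n'    > "$dir/plain_script"; chmod 0755 "$dir/plain_script"
    printf '%s\n' "$dir"
}

# Stand-alone usage: audit the constructed tree, then clean it up.
if [ "${1:-}" = "--demo" ]; then
    d=$(make_sample_tree)
    find_setuid_scripts "$d"
    rm -rf "$d"
fi
```

Run it as `sh audit.sh --demo` for the constructed tree, or call `find_setuid_scripts /` on a real host; anything it prints is a candidate for removal or for rewriting as a setuid C wrapper, which keeps the setuid binaries the nosuid mount option would have thrown away.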

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:08:06 CDT