Originally, I wrote:
>Is there a way to disable setuid shell scripts under SunOS 4.1.3?
Please note that I said setuid _shell_scripts_, not just setuid
execution. This means that I want to retain setuid binaries, but
stop #! stuff (scripts).
The following people suggested I mount the partition(s) in question
nosuid. This disables all setuid stuff, and I don't want to do that:
blymn@mulga.awadi.com.AU (Brett Lymn)
Bo.Slaughter@eng.clemson.edu (Bo Slaughter)
Gene Rackow <rackow@mcs.anl.gov>
rwolf@dretor.dciem.dnd.ca (Robert J Wolf)
markus@octavia.anu.edu.au (Markus Buchhorn)
Steve_Kilbane@gec-epl.co.uk
John Valdes <valdes@geosun.uchicago.edu>
ems@ccrl.nj.nec.com (Ed Strong)
gpr@proteon.com (Gary Richardson)
>I would think that someone out there would have a kernel patch to
>disable setuid shell scripts!
Chris Keane <chris@rufus.state.com.au>, says that I can do this
if I have source code. (I sort of figured that out).
vasey@issi.com (Ron) suggests that according to chmod(2), suid
bits on a file are turned off when a non-root user writes to it.
stern@sunne.east.sun.com (Hal Stern - NE Area Systems Engineer),
says something really weird. I don't quite understand what he's
talking about -- it seems to make references to that horrible
beast called (gasp!) the c shell:
>it's not possible. you could (in theory) hack the c shell
>to look at setuid bits and file types, and not execute
>setuid scripts, but i don't think this is a default mode.
>note that the csh won't execute a setuid script unless the
>-b flag is specified in the script's #!/bin/csh -fb line.
>the idea is that if you allow setuid scripts, you can
>make sure they're well behaved. this is the local machine
>case only.
Dan Stromberg - OAC-DCS <strombrg@hydra.acs.uci.edu>, says:
>BTW, I think most of the major holes inherent to setuid shell scripts
>have been cleaned up - the symlink thing, and the IFS thing, at least.
>About all that's left, is mistakenly invoking the wrong program -
>which can be done from perl or C - though isn't done as commonly.
>They're still not a great idea, but I don't know that they are
>inherently breakable, anymore.
I was under the impression that setuid scripts were still vulnerable
to symbolic-link-based attacks. Am I wrong?
If anyone has any further clarification, I'd appreciate hearing about
it. Thanks!
-- John Hawkinson jhawk@panix.com
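
Added example (not part of the original post or any of the replies): without kernel source, the goal stated above (keep setuid binaries, drop setuid scripts) can be approximated at the file level by finding setuid/setgid files whose first two bytes are `#!` and clearing the bits on those only. The function names are made up for this sketch.

```shell
#!/bin/sh
# Added illustration: audit a tree for setuid/setgid "#!" scripts and clear
# the bits on those files, leaving setuid binaries untouched.
# Function names are hypothetical. Paths containing newlines are not handled.

# is_script FILE: succeeds if FILE begins with the two-byte "#!" magic
# that the kernel uses to recognise an interpreter script.
is_script() {
    magic=$(dd if="$1" bs=2 count=1 2>/dev/null | tr -d '\0')
    [ "$magic" = "#!" ]
}

# find_setuid_scripts DIR: print every regular file under DIR (same
# filesystem only) that has the setuid or setgid bit set and is a script.
find_setuid_scripts() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        if is_script "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# strip_setuid_scripts DIR: clear setuid/setgid on the scripts found above.
# Binaries keep their bits because they never match is_script.
strip_setuid_scripts() {
    find_setuid_scripts "$1" |
    while IFS= read -r f; do
        if chmod u-s,g-s "$f"; then
            printf 'cleared: %s\n' "$f"
        fi
    done
}

# Typical use, as root:  find_setuid_scripts /usr   (review the list first)
#                        strip_setuid_scripts /usr
```

This clears the bits on files that exist at the time it runs; it does not stop a file's owner from setting them again, so it would need to be rerun periodically.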