On Thu, 16 Apr 1998 carsonat_private wrote: >> Little Boss: The Big Boss wants a shell script to be setuid root. > > 2) Setuid shell scripts (at least /bin/sh ones) are secure in many modern > operating systems, such as Solaris 2.x, thanks to /dev/fd No they aren't secure, at least as a general rule. You can't easily change what a binary does without actually replacing the binary. With a shell script, all kinds of possibilities exist. If you can exit to a shell the possibility of gaining unauthorized root access exists. Trojan statements can be inserted in the shell file to cause damage. What does the floppy device have to do with anything??? > 3) If (1) and (2) fail to make you modify your policy, you can always > make him code a setuid wrapper in C, instead of shell. This is *much* more preferable. Depends on the size of the shell script, but do *NOT* have any system() functions in the code since this is almost as bad as a shell file. If you can somehow shell out, (or invoke a shell from the program) you are again gaining root access. HHH
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:55:31 PDT