Run SUID shell scripts safely

Apr 19, '05 09:36:00AM

Contributed by: lincd0

I was surprised to learn that the 10.3.9 update disabled the SUID and SGID bits on shell scripts; I thought that had been done years ago (it should have been). Running SUID shell scripts directly was never safe, but there is a safe way to run them indirectly using the open-source POSIX application indir. indir is an interpreter that is invoked from the script instead of the shell. That is, instead of starting your script with something like:

    #!/bin/sh

You would use this instead:

    #!/usr/bin/indir -u
    #?/bin/sh /path/to/script

indir runs some checks to make sure no exploits are possible, then starts an SUID shell and transfers control to it. I use this all the time, and it works perfectly, but there are some catches. You can't use bash as the secondary interpreter; you have to invoke it as sh (actually the same program) instead. The PATH environment variable is ignored. For more information, see the documentation distributed with indir and search the archives of comp.unix.* on Google Groups.

The code is very old and somewhat hard to find. Just now I was able to find it here. Be sure to install the following patches: 1, 2.

[robg adds: I haven't tested this one.]
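
To find the files this hint applies to, the following audit script is added here as an example (it is not part of indir or of the original hint). It lists set-UID/set-GID files under a directory that begin with a #! line and reports whether that line names an interpreter directly or names indir in the two-line form shown above. The function names and the comparison of the #? path with the file's own path are choices made for this example, not a description of indir's own checks.

```shell
#!/bin/sh
# Added example: audit a tree for set-ID files that are scripts and
# classify them by their "#!" line. Not code from indir or the hint.

# first_word STRING: print the first whitespace-delimited word.
first_word() {
    s=${1#"${1%%[![:space:]]*}"}      # trim leading whitespace
    printf '%s\n' "${s%%[[:space:]]*}"
}

# classify_setid_file FILE: print one of
#   binary          no "#!" line
#   direct          "#!" names an interpreter other than indir
#   indir           "#!" names indir and "#?" names FILE itself
#   indir-mismatch  "#!" names indir but "#?" is missing or names another path
classify_setid_file() {
    # Read at most 512 bytes, drop NULs so binaries are safe to hold in a variable.
    head2=$(dd if="$1" bs=512 count=1 2>/dev/null | tr -d '\000' | head -n 2)
    line1=$(printf '%s\n' "$head2" | sed -n 1p)
    line2=$(printf '%s\n' "$head2" | sed -n 2p)
    case $line1 in
        '#!'*) interp=$(first_word "${line1#'#!'}") ;;
        *) echo binary; return ;;
    esac
    if [ "${interp##*/}" != indir ]; then echo direct; return; fi
    case $line2 in
        '#?'*) target=${line2##*[[:space:]]} ;;   # last word: script path
        *) target= ;;
    esac
    if [ "$target" = "$1" ]; then echo indir; else echo indir-mismatch; fi
}

# audit_setid_scripts DIR: print "kind<TAB>path" for every set-UID/set-GID
# script under DIR. Pass an absolute DIR so paths compare with the "#?" line.
audit_setid_scripts() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        kind=$(classify_setid_file "$f")
        [ "$kind" = binary ] || printf '%s\t%s\n' "$kind" "$f"
    done
}
```

Entries reported as direct are the scripts whose set-ID bits the hint says are no longer honored; entries reported as indir-mismatch deserve a manual look because the script may have been moved or copied.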


Mac OS X Hints
http://hints.macworld.com/article.php?story=20050418121144683