Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Potential warning: 10.3.9 disables SUID/SGID flag' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Potential warning: 10.3.9 disables SUID/SGID flag
Authored by: gshenaut on Apr 18, '05 08:01:38PM
Y'all are missing the point. It's not that writable, setuid scripts are insecure, it's that writable, setuid commands, of any kind, are insecure. Take /sbin/mount_nfs, which is "setuid Mach-O executable ppc" on my system and I assume on everyone's : if you have write permission on that file, you can overwrite it with /bin/sh and you'll have a suid shell. If you don't have write permission on it, then you can't. The situation with a setuid script is exactly the same!!.

Greg Shenaut

[ Reply to This | # ]

Potential warning: 10.3.9 disables SUID/SGID flag
Authored by: CoolerQ on Apr 18, '05 08:19:58PM

You all seem to be forgetting that this particular security hole was closed a long time ago. Whenever a setuid file is opened for writing, by anyone, the setuid bit is dropped. The owner must then chmod it to get the setuid back. This prevents someone from performing the attack you just described.

--Quentin



[ Reply to This | # ]