

Potential warning: 10.3.9 disables SUID/SGID flag
Authored by: kamath on Apr 18, '05 09:37:22PM

Why not just 'sudo script'?

You can even avoid passwords with NOPASSWD in the sudoers file.

This is not stupid, this has been the case in most Unices for several years now. It has to do with a race condition in the interpreter fire-up sequence.

As for making it trivial to circumvent security, why not just log in as root? Or no root password? How about 'chmod u+s /bin/sh'? I've seen them all (I'm not kidding).

Look, the point of this is NOT to make it more difficult for end-users to do something, but to make it possible for knowledgeable people to "do the right thing", like writing wrapper scripts (which, by the way, is *EXACTLY* what sudo is -- it was written because every Unix shop on the planet had a 'suid', '.root' or other 'give me root' program (because no one should log in as root if they can avoid it, as there's no way to track who was root that way) -- a general 'run any script or program as root' program), without allowing "unauthorized" people to do Bad Things(tm). Of course, on a Mac, since it's GENERALLY single user, it's a non-issue. But if you have one admin on a Mac, and several unprivileged users, then setuid shell scripts could allow one of those non-privileged users to become root -- A Bad Thing(tm). Go google it (try "setuid shell script race condition").

Now, having said all that, it turns out there's a pretty "simple" fix to this, which is to have the kernel pass an already open file descriptor to the interpreter, which some Unices have implemented.

However, to be completely honest, one should avoid setuid scripts as much as possible. You only need them for non-terminal (in the sense of tty terminal, not "Terminal", the Mac terminal program (shame on them for calling it Terminal)) applications (as in "ways to do things", not as Mac OS X Applications), such as startup scripts (which is moot, since they run as root).

Here's the one example I had: I have a web application (PHP) which controls iTunes. For a while (before I found A Better Way), I used a wrapper script so that the AppleScript would be called as the user running iTunes instead of 'www'. (The Better Way, i.e., EASIER, was to run Apache as that user, instead of www, since I'm lazy. The One True Way would be to use suexec or the like).


