|
|
Run SUID shell scripts safely
Yeah, the key to this as I understand it is that you create a symlink in a directory you own to a suid script somewhere else, and then invoke the symlink while immediately replacing it with your own content. I played around with this a little, and it definitely works, better with long scripts than short ones. It is an artifact of the way #! scripts are implemented, passing the name of the script to the interpreter rather than a file descriptor.
So, relunctantly, I am turning sugid_scripts back off on my machines. I am a firm believer in sunshine as being the best defense against maliciousness, so in that spirit, here is the code I used in my playing around:
To convince yourself of the wisdom of disallowing suid scripts, do the following:
Change the string MYNAME to your login name and compile the above program. Then find a suid script (you will probably have to make one; if you do, it will work much better if you stick a bunch of comment lines in there to make it take a while to load). To make it suid, run the commands "sudo chown 0:0 SCRIPT; sudo chmod +w,+s SCRIPT", where SCRIPT is the path to your script. My test script was simply
You will have to enable suid scripts:
Now the fun part: run this command over and over again from your home directory:
where SCRIPT is the path to your suid script. When you get a root prompt, stop. On my 1st edition 17" PB, it takes from 2 to over 20 tries to get root, but I have always gotten there.
Note that you don't need write permission on the script at all, just write permission in your home directory. This little demo turned me from a strong advocate of allowing suid scripts to a strong advocate for disallowing them. Once you're done with this test, don't forget to remove your test script and to run
Greg Shenaut |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysNo new commentsLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.09 seconds |
|