Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Run SUID shell scripts safely' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Run SUID shell scripts safely
Authored by: ghinteclinn on Apr 20, '05 09:52:59AM

Sure, and OS X uses the file descriptor mechanism.

However, anyone here might run into an older Unix that passes the script as an argument and, not knowing any better, might expect the contemporary behaviour and open up a serious security vulnerability. Best not to use setuid scripts at all.



[ Reply to This | # ]
SUID scripts are still unsafe in OS/X
Authored by: gshenaut on Apr 21, '05 02:38:57PM

The suggestion that "modern unices" are not vulnerable to the suid #! script race condition because they pass an open fd to the script may or may not be true (based on other messages here, "modern unix" usually means "versions of Linux I am familiar with"), but it doesn't apply to OS/X. If you'll page back through the previous articles in this hint, you'll find my documentation of a sucessful exploit of this race condition to get a root shell prompt on OS/X 10.3.9. Please, don't use analogies with other versions of UNIX to make generalization about OS/X: analogies are useful in generating hypotheses, but the hypotheses still need to be tested!

Greg Shenaut



[ Reply to This | # ]