On Sunday 10 February 2008 11:13, Matthew Seaman wrote:
> [EMAIL PROTECTED] wrote:
> > On Wed, 06 Feb 2008, Alex Zbyslaw wrote
> > SNIP
> >
> >> Setuid/gid bits on shell scripts aren't considered safe, however and may
> >> even be disabled.
> >
> > THERE IS NO REASON FOR THIS, JUST USE THE FILE-SYSTEM TO PROTECT THE
> > FILES (MAKE THEM NOT WRITEABLE). Scripts are no more susceptible to
> > sabotage and misuse than binary files, it is just that scripts can be
> > more easily decoded and understood than binary files, and so
> > management (that usually doesn't know much about a computer system)
> > becomes frightened and issues orders to relieve their stress.
>
> There's no particular reason that setuid bits on scripts are dangerous
> nowadays. However in the dim and distant past (before the millennium)
> there used to be a race condition on opening files that meant it was
> trivial to use a setuid script to get a shell running under the target
> UID. The horror of this situation seems to have branded itself so deeply
> on the Unix psyche that even now, when that race condition has been
> eliminated for many years, there is still a lingering reflex response:
> "setuid scripts bad."
Specifically, the system would open the script to read the #! line and find
out what interpreter to run, close the script and tell the specified
interpreter to re-open it. If an attacker could change the file between the
close and the re-open, you would end up running the attacker's script. I
believe the fix was to hand the required interpreter an open file descriptor
rather than a filename.

Jonathan
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions