Re: setuid scripts wrapper (RFC, proposal)

2006-04-11 Thread Sply Splyeff
I've uploaded suidscript.c with updates: http://suidscript.sply.org/suidscript/suidscript.c http://suidscript.sply.org/suidscript.tgz Current implementation checks the safety of an interpreter path and of a script path - all nodes required to be owned by root or script owner and writable only by

Re: setuid scripts wrapper (RFC, proposal)

2006-04-06 Thread Sply Splyeff
> The biggest problem is its failure to check the sanity of the input
> parameters - that a particular argument actually exists before
> referencing it.

Do you mean that evil Bob can substitute Alice's script between stat() and execve() calls? Yes, I've missed this point. We can use realpath and

setuid scripts wrapper (RFC, proposal)

2006-04-05 Thread Sply Splyeff
There are some security problems with kernel-level script setuid execution which discourage its use. The standard recommendation is to write a binary setuid wrapper for each script needed. But maybe it's better to use one simple, well reviewed and verified setuid wrapper for all common tasks?