suid root - bash script
Shachar Shemesh
shachar at shemesh.biz
Thu Apr 23 11:31:38 IDT 2009
Oron Peled wrote:
>
> There's a reason why the kernel does not respect suid/sgid bit on shell
> scripts -- It's because there are gazillions of ways a user can use
> this script to gain total root access.
>
Name two?
>
> Maybe writing a wrapper suid program that totally sanitize
> both the environment and command line arguments before
> exec'ing the script would make it. Although I wouldn't bet
> on it since it only covers the obvious attack vectors against
> shell scripts.
>
Fine. Make the two cover these obvious vectors, one each.
I have to say that I first heard about this restriction, I thought it
made a lot of sense. Since then, I have searched for these famed attack
vectors, and have come up short. Sure, if the script itself has security
holes, then a suid script will be vulnerable. As I'm sure you know well,
this is also true of C written code, however.
So my question is: are there attack vectors against the following script?
#!/bin/sh -e
echo "Hello, cruel world"
--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20090423/bb5c9cb5/attachment.html>
More information about the Linux-il
mailing list