|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: SUID shell scripts, questions?
Adam Shostack (adam
bwh.harvard.edu)Fri, 10 Feb 1995 17:47:11 -0500 (EST)
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Stephen Gildea: "Re: X authentication"
- Previous message: Nathan Lawson: "Re: Need source routing prog"
- In reply to: That Whispering Wolf...: "SUID shell scripts, questions?"
- Next in thread: Greg Woods: "Re: SUID shell scripts, questions?"
You wrote: | SUID shell scripts are traditionally insecure in unix environments. From | my understanding, this is because when the kernel hits the #! magic | number when executing the file, it then execs a shell and passes the [...] | Now, since some on the list have the kern_exec.c code from the SunOS | kernel (I'm sure SOMEONE kept a copy), shouldn't it be possible to | patch this source so that, combined with the /dev/fd filesystem, SunOS | supports secure SUID scripts? It seems to me that it should be easy to setuid scripts are insecure because the interpreter (the shell) is not designed to be secure. Trying to patch it to make it secure is the wrong answer. The right answer is to build little setuid tools that do exactly and only what you need, such as the port20 tool mentioned in Cheswick & Bellovin. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
- Next message: Stephen Gildea: "Re: X authentication"
- Previous message: Nathan Lawson: "Re: Need source routing prog"
- In reply to: That Whispering Wolf...: "SUID shell scripts, questions?"
- Next in thread: Greg Woods: "Re: SUID shell scripts, questions?"