OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archive: Re: High ranking lusers

Re: High ranking lusers


Henry Hertz Hobbit (hhhobbiticarus.weber.edu)
Sat, 18 Apr 1998 16:17:23 -0600 (MDT)


On Thu, 16 Apr 1998 carsontla.org wrote:

>> Little Boss: The Big Boss wants a shell script to be setuid root.
>
> 2) Setuid shell scripts (at least /bin/sh ones) are secure in many modern
> operating systems, such as Solaris 2.x, thanks to /dev/fd

No they aren't secure, at least as a general rule. You can't easily
change what a binary does without actually replacing the binary.
With a shell script, all kinds of possibilities exist. If you can
exit to a shell the possibility of gaining unauthorized root access
exists. Trojan statements can be inserted in the shell file to cause
damage. What does the floppy device have to do with anything???

> 3) If (1) and (2) fail to make you modify your policy, you can always
> make him code a setuid wrapper in C, instead of shell.

This is *much* more preferable. Depends on the size of the shell
script, but do *NOT* have any system() functions in the code since
this is almost as bad as a shell file. If you can somehow shell out,
(or invoke a shell from the program) you are again gaining root
access.

HHH



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:10:47 CDT