Re: SUID permission on Bash script

---

• From: Giorgos Keramidas <keramida@xxxxxxxxxxxxxxx>
• Date: Sat, 29 Aug 2009 06:18:34 +0300

---

On Sat, 29 Aug 2009 02:24:31 +0100, RW <rwmaillists@xxxxxxxxxxxxxx> wrote:

On Fri, 28 Aug 2009 11:54:19 +0300 Giorgos Keramidas <keramida@xxxxxxxxxxxxxxx> wrote:

On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo <jeronimocalvop@xxxxxxxxxxxxxx> wrote:

As far as i know, using SUID, script must runs with root
permissions... so i shoudnt get "Permission denied", what im doing
wrong??

No it must not. There are security reasons why shell scripts are not
setuid-capable. You can find some of them in the archives of the
mailing list, going back at least until 1997.

I'm bit puzzled by this, previous threads have given the impression
that this is a myth, for example:

http://www.mail-archive.com/freebsd-questions@xxxxxxxxxxx/msg185134.html

So are scripts actually incapable of running setuid?

If you hack at the kernel it may still be possible to run a script with
setuid or setgid permissions. IMO there is still the possibility for
many things to go wrong, especially with "quick and dirty" scripts.

For example, what do you think will happen if a setuid script forgets to
properly quote filenames in commands like:

foo=$1
pidfile=/tmp/$foo.pid
echo $$ > $pidfile

# cleanup my pidfile
truncate -s $pidfile

and then I run the script with:

setuid.sh " /etc/master.passwd /tmp/foo"

If you guessed that the pid value was not saved anywhere, that because
of the lack of error checking nobody noticed, and that the final
truncate command may have just wiped your `master.passwd' file your
guess is probably right.

_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"

---

• References:
  • SUID permission on Bash script
    • From: Jeronimo Calvo
  • Re: SUID permission on Bash script
    • From: Giorgos Keramidas
  • Re: SUID permission on Bash script
    • From: RW

• Prev by Date: Re: SUID permission on Bash script
• Next by Date: Re: SUID permission on Bash script
• Previous by thread: Re: SUID permission on Bash script
• Next by thread: Re: SUID permission on Bash script
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: CGI security on a shared web server (fwd) ... >> support setuid scripts ... I don't see why someone would suEXEC setuid perl scripts. ... (SecProg) Re: SUID permission on Bash script ... I learned about that a while back when I investigated setuid scripts for a coworker. ... It's not that setuid shell scripts are really more inherently insecure than programs written in C. ... (freebsd-questions) Re: setuid and secondary group on HPUX ... > I wrote a program which will setuid to a user and then run a script. ... > I start the program as root then setuid to user test, ... > scripts testll3. ... You need to account for the needed group permission by changing your setgid to ... (comp.sys.hp.hpux) Re: SetUID shell/perl scripts. ... > freeBSD doesn't support setuid shell scripts. ... In FreeBSD, it is enabled and such scripts work. ... # chmod 511 /usr/bin/suidperl ... (FreeBSD-Security) Re: [sh] How can function find invoking line # ? ... that support setuid bits on scripts (you could get a setuid ... script to run a ksh with escalated priviledges and have it run a ... on which systems are setuid scripts still possible? ... (comp.unix.shell)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

unix.derkeiler.com  > Mailing-Lists  > FreeBSD  > questions  > 2009-08