Re: chpasswd

From: Stachu 'Dozzie' K. (cut-to-last-hypen-dozzie_at_dynamit.im.pwr.wroc.pl)
Date: 08/24/04


Date: Tue, 24 Aug 2004 12:38:43 +0000 (UTC)

On 2004-08-23, Kevin Rodgers wrote:
> Stachu 'Dozzie' K. wrote:
> > No, you understand it incorrectly. SUID bit *never* affects scripts,
> > only binaries (it's small simplification, try searching for suid-perl).
>
> That must depend on the OS, as I've used setuid and setgid scripts
> successfully (on SunOS/Solaris). But they were not owned by root.

Heh, good to know. Thanks.

> > It's security reason.
>
> I don't think setuid scripts are a security issue in general, just
> setuid root scripts.

I agree. All setuid executable files are a potential security risk, even
"stupid" ping.

-- 
Stanislaw Klekot


Relevant Pages

  • Re: CGI security on a shared web server (fwd)
    ... >> support setuid scripts ... I don't see why someone would suEXEC setuid perl scripts. ...
    (SecProg)
  • Re: SUID permission on Bash script
    ... I learned about that a while back when I investigated setuid scripts for a coworker. ... It's not that setuid shell scripts are really more inherently insecure than programs written in C. ...
    (freebsd-questions)
  • Re: [sh] How can function find invoking line # ?
    ... that support setuid bits on scripts (you could get a setuid ... script to run a ksh with escalated priviledges and have it run a ... on which systems are setuid scripts still possible? ...
    (comp.unix.shell)
  • Re: setuid and secondary group on HPUX
    ... > I wrote a program which will setuid to a user and then run a script. ... > I start the program as root then setuid to user test, ... > scripts testll3. ... You need to account for the needed group permission by changing your setgid to ...
    (comp.sys.hp.hpux)
  • Re: SetUID shell/perl scripts.
    ... > freeBSD doesn't support setuid shell scripts. ... In FreeBSD, it is enabled and such scripts work. ... # chmod 511 /usr/bin/suidperl ...
    (FreeBSD-Security)