On Wed, Jul 22, 2009 at 2:42 PM, Anthony Pankov wrote:
>
> SGID/SUID bits don't work with shell scripts, do they?
No. A possible workaround is to have a SUID/SGID version of your
interpreter and use it. Something like
# pw groupadd -n sush -g 401
# cp /bin/sh /bin/sush
# chown root:sush /bin/sush
# c
Jonathan McKeown writes:
> On Thursday 23 July 2009 20:28:52 Lowell Gilbert wrote:
>> That's clever, but how would it work in practice, while common shells
>> and scripting languages may not implement their side of it?
>
> http://www.in-ulm.de/~mascheck/various/shebang/ claims that it's been
>
Ivan Voras wrote:
> 2009/7/23 :
> > Ivan Voras wrote:
> >> Presumably, the biggest concern is with scripts owned by root.
> >> Who can unlink, move or change the script? The owner and his
> >> group can change it; the directory owner can unlink it ...
> >
> > Anyone can make a link to such a sc
On Thursday 23 July 2009 20:28:52 Lowell Gilbert wrote:
> per...@pluto.rain.com writes:
[snip description of shell opening a script, finding a #! line and passing a
file descriptor for the opened script to the intended interpreter
in /dev/fd/, to avoid a race condition where the shell opens the
Ivan Voras wrote:
> 2009/7/23 :
>> Ivan Voras wrote:
>>> Presumably, the biggest concern is with scripts owned by root.
>>> Who can unlink, move or change the script? The owner and his
>>> group can change it; the directory owner can unlink it ...
>> Anyone can make a link to such a script in, s
per...@pluto.rain.com writes:
> DarkSoul wrote:
>> Anthony Pankov wrote:
>> > SGID/SUID bits don't work with shell scripts, do they?
>>
>> They don't.
>>
>> ... if they were applied, the following would occur:
>> - execve() syscall reads your script's shebang line, and
>> the script interpreter
2009/7/23 :
> Ivan Voras wrote:
>> Presumably, the biggest concern is with scripts owned by root.
>> Who can unlink, move or change the script? The owner and his
>> group can change it; the directory owner can unlink it ...
>
> Anyone can make a link to such a script in, say, /tmp and then
> mes
Ivan Voras wrote:
> Presumably, the biggest concern is with scripts owned by root.
> Who can unlink, move or change the script? The owner and his
> group can change it; the directory owner can unlink it ...
Anyone can make a link to such a script in, say, /tmp and then
mess with the link :(
DarkSoul wrote:
Anthony Pankov wrote:
SGID/SUID bits don't work with shell scripts, do they?
And there is no mention in the chmod(1,2) manual.
They don't.
One reason for this is that if they were applied, the following would
occur:
- execve() syscall reads your script's shebang line, and the script
int
On Thursday 23 July 2009 07:00:58 per...@pluto.rain.com wrote:
> DarkSoul wrote:
> > Anthony Pankov wrote:
> > > SGID/SUID bits don't work with shell scripts, do they?
> >
> > They don't.
[snip description of race condition]
> In principle, it should be possible to fix this exposure by
> improvi
Thursday, July 23, 2009, 3:02:03 AM, Julian Elischer wrote:
JE> google SUID script security
Preface:
There is a file:
rwxr-sr-x some:powerg dothething
Run it: ./dothething
Make sure that process egid isn't powerg.
Resume:
I'm too dumb to ask google "SUID script security" with this prefac
DarkSoul wrote:
> Anthony Pankov wrote:
> > SGID/SUID bits don't work with shell scripts, do they?
>
> They don't.
>
> ... if they were applied, the following would occur:
> - execve() syscall reads your script's shebang line, and
> the script interpreter is executed, receiving the specified
> ar
Anthony Pankov wrote:
> SGID/SUID bits don't work with shell scripts, do they?
>
> And no mention in chmod(1,2) manual.
They don't.
One reason for this is that if they were applied, the following would
occur:
- execve() syscall reads your script's shebang line, and the script
interpreter is ex
Anthony Pankov wrote:
SGID/SUID bits don't work with shell scripts, do they?
No
google SUID script security
And there is no mention in the chmod(1,2) manual.
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-h