rich@rexago1.UUCP (K. Richard Magill) (11/25/85)
On SV.2 (3b2, pc7300 (Safari)) suid bits do not work on shell scripts. Am I just silly or don't I remember them working on 2 other UN*X-ish (TNIX, XENIX) environments? K. Richard Magill
bamford@ihuxw.UUCP (h. bamford) (11/27/85)
> On SV.2 (3b2, pc7300 (Safari)) suid bits do not work on shell scripts. Am > I just silly or don't I remember them working on 2 other UN*X-ish (TNIX, > XENIX) environments? > Suid bits on shell scripts don't work on any machine I have ever used. This includes PDP-11/70, Vax, 3b20, U370, PC7300. It is frustrating, but I have wound up making up a little C program which execs the shell. The C program has the suid bit set... -- Harold Bamford AT&T Bell Labs Naperville, Ill (cornet) 8-367-5744 (312) 979-5744 (work)
rt@cpsc53.UUCP (Ron Thompson) (11/27/85)
> On SV.2 (3b2, pc7300 (Safari)) suid bits do not work on shell scripts. Am > I just silly or don't I remember them working on 2 other UN*X-ish (TNIX, > XENIX) environments? They have never worked on any SysV.(2 or no) that I have ever used. -- Ron Thompson AT&T Information Systems Customer Programming (404) 982-4217 Atlanta, Georgia Services Center ..{ihnp4,akgua}!cpsc53!rt (Opinions expressed are mine alone.)
gwyn@brl-tgr.ARPA (Doug Gwyn <gwyn>) (11/27/85)
> On SV.2 (3b2, pc7300 (Safari)) suid bits do not work on shell scripts.
Eek, I should hope not! Can you say "Security hole big enough
to drive a truck through?" I knew you could!
jsdy@hadron.UUCP (Joseph S. D. Yao) (11/28/85)
In article <123@rexago1.UUCP> rich@rexago1.UUCP (K. Richard Magill) writes: >On SV.2 (3b2, pc7300 (Safari)) suid bits do not work on shell scripts. Am >I just silly or don't I remember them working on 2 other UN*X-ish (TNIX, >XENIX) environments? Setuid bits never used to work on shell scripts, because the shell scripts were/are not executed -- the s h e l l is/was executed with the script name as argument. In 4BSD and 4BSD-ische systems, if the first two chars in a shell script are "#!" and the rest of the first line is the name of a program (most often a shell) to run with that script as input, then the kernel runs that program, but some other effects are as if the script had been directly executed; e.g., the setuid and getuid bits are honoured. Note that on non-4BSD-ische systems where the C shell emulates this behaviour, the side effects still don't exist because the kernel is not doing the executing. -- Joe Yao hadron!jsdy@seismo.{CSS.GOV,ARPA,UUCP}
edward@ukecc.UUCP (Edward C. Bennett) (11/28/85)
In article <114@brl-tgr.ARPA>, gwyn@brl-tgr.ARPA (Doug Gwyn <gwyn>) writes: > > On SV.2 (3b2, pc7300 (Safari)) suid bits do not work on shell scripts. > > Eek, I should hope not! Can you say "Security hole big enough > to drive a truck through?" I knew you could! I've heard that said about shell scripts many times, but no one has ever explained why. Could some knowledgeable soul fill me in please? Thanks much, -- Edward C. Bennett UUCP: ihnp4!cbosgd!ukma!ukecc!edward /* A charter member of the Scooter bunch */ "Goodnight M.A."
guy@sun.uucp (Guy Harris) (11/29/85)
> > On SV.2 (3b2, pc7300 (Safari)) suid bits do not work on shell scripts. Am > > I just silly or don't I remember them working on 2 other UN*X-ish (TNIX, > > XENIX) environments? > > Suid bits on shell scripts don't work on any machine I have ever used. > This includes PDP-11/70, Vax, 3b20, U370, PC7300. It is frustrating, > but I have wound up making up a little C program which execs the shell. > The C program has the suid bit set... Set-UID bits don't work on shell scripts, in general, because for them to work the shell'd have to be running set-UID. If you're running a shell as yourself, and it tries to run a shell script which is set-UID to "root", how would it be able to get "root"s privileges? And if *it* could get root privileges, what would prvent some program you wrote like main() { system("rm -rf /"); } from getting them as well? In some systems (4.1BSD, 4.2BSD, Version 8, and some others which have added this feature - originally concocted by Dennis Ritchie), you can have the kernel detect a shell script and run a shell (or other interpreter) on that script. In this case, you *can* have set-UID shell scripts; the kernel is trusted code (yuk yuk) and can give the shell it's firing off to run the set-UID script the appropriate privileges. However, there is a horrible security hole in this; I think there's a fix, but I don't know if it closes all the holes, and it involves changing any and all shells and other interpreters - a minor change, but still a change, and you need source to change it. So don't set up set-UID shell scripts if you don't trust your user population. Guy Harris
tp@ndm20 (11/29/85)
>> On SV.2 (3b2, pc7300 (Safari)) suid bits do not work on shell scripts. Am >> I just silly or don't I remember them working on 2 other UN*X-ish (TNIX, >> XENIX) environments? >Suid bits on shell scripts don't work on any machine I have ever used. >This includes PDP-11/70, Vax, 3b20, U370, PC7300. It is frustrating, >but I have wound up making up a little C program which execs the shell. >The C program has the suid bit set... I'm glad I didn't know this, because I had need of some scripts that were suid, so I wrote them and they worked! I am on a Masscomp, which runs a blend of SysIII, SysV, 4.1, and 4.2. Terry Poot Nathan D. Maier Consulting Engineers (214)739-4741 Usenet: ...!{allegra|ihnp4}!convex!smu!ndm20!tp CSNET: ndm20!tp@smu ARPA: ndm20!tp%smu@csnet-relay.ARPA
henry@utzoo.UUCP (Henry Spencer) (11/29/85)
> > Eek, I should hope not! Can you say "Security hole big enough > > to drive a truck through?" I knew you could! > > I've heard that said about shell scripts many times, but no > one has ever explained why. Could some knowledgeable soul fill me > in please? Basically because the interpretation of shell scripts is much more a function of context than is the case for C programs, and the shell script has less control over the context. Writing bullet-proof setuid programs in C is extremely difficult; most existing setuid programs can be induced to fall over or misbehave if you work at it hard enough. In the shell it's far worse. Consider the effect of running a setuid shell program with a nonstandard value of IFS set -- the interpretation of the shell script will bear no relation to what the writer intended. This problem can be solved, but there are ten more lurking deeper in. The shell is simply too complex to permit *confidence* that there are no further holes, given that such confidence is very difficult to achieve even in C. -- Henry Spencer @ U of Toronto Zoology {allegra,ihnp4,linus,decvax}!utzoo!henry
crc@abic.UUCP (Clive Charlwood) (12/09/85)
> > >> On SV.2 (3b2, pc7300 (Safari)) suid bits do not work on shell scripts. Am > >> I just silly or don't I remember them working on 2 other UN*X-ish (TNIX, > >> XENIX) environments? > >Suid bits on shell scripts don't work on any machine I have ever used. > >This includes PDP-11/70, Vax, 3b20, U370, PC7300. It is frustrating, > >but I have wound up making up a little C program which execs the shell. > >The C program has the suid bit set... > > I'm glad I didn't know this, because I had need of some scripts that > were suid, so I wrote them and they worked! I am on a Masscomp, > which runs a blend of SysIII, SysV, 4.1, and 4.2. > I too have used the setuid bit on a masscomp machine. Two important points though. i) You need to include the line '#! /bin/sh' so that exec(2) can handle it. ii) Your shell script runs as a restricted shell. (Anybody know a way around this folks) Clive Charlwood. P.S. I hate :->, :-) ;-} etc. Please desist.
crc@abic.UUCP (Clive Charlwood) (12/10/85)
> > > >> On SV.2 (3b2, pc7300 (Safari)) suid bits do not work on shell scripts. > > I have used the setuid bit on a masscomp machine. Two important > points though. > i) You need to include the line '#! /bin/sh' so that exec(2) can > handle it. > > ii) Your shell script runs as a restricted shell. (Anybody know a > way around this folks) (IF THE *PROGRAM* NAME contains an 'r' in SYSV.2) Does anyone know why the stupid test for 'r' in the progname. I thought I'd left that sort of junk behind with fortran! Clive Charlwood.
jim@ISM780B.UUCP (12/14/85)
> Does anyone know why the stupid test for 'r' in the progname. > I thought I'd left that sort of junk behind with fortran! The real problem is an error in the design of #!, and that error appears to have been propagated everywhere (so at least it is consistent). When excuting a #! file, the kernel passes (the last component of) the file name as argv[0] to the program being run (e.g., sh). Thus, not only does any script containing an r invoke a restricted shell because the shell checks its argv[0] to decide whether it is to run restricted, but also when programs which use their argv[0] to determine how to identify themselves in error messages are run via #!, you get things like foo: syntax error in foo, line 47 instead of <name of command>: syntax error in foo, line 47 And generally, any program which uses the name it is linked to to determine its behavior cannot be used effectively with #!. Whoever came up with this behavior no doubt thought at the time that it was clever. Such is the result of failure to think things through. -- Jim Balter, INTERACTIVE Systems Corporation (ima!jim)