urlichs@smurf.sub.org (Matthias Urlichs) (08/27/90)
It seems that A/UX 2.0(seeding final) doesn't honor the setuid bits when invoking programs via a script. This bothers me because Perl wants #!/usr/local/bin/suidperl in the first line. If I say % suidperl script then the scruipt runs perfectly well. On the other hand, % script (with script of mode 06755) won't do anything except "can't suid" or something, which here means that geteuid() returns non-zero. Does anyone know a reasonable workaround? The only way I've seen is an additional indirection, as in #!/bin/sh exec /usr/lcoal/bin/suidperl script.real Not an ideal solution..? -- Matthias Urlichs -- urlichs@smurf.sub.org -- urlichs@smurf.ira.uka.de Humboldtstrasse 7 - 7500 Karlsruhe 1 - FRG -- +49+721+621127(Voice)/621227(PEP)
merlyn@iwarp.intel.com (Randal Schwartz) (08/28/90)
In article <^-i2f2.-42@smurf.sub.org>, urlichs@smurf (Matthias Urlichs) writes: | It seems that A/UX 2.0(seeding final) doesn't honor the setuid bits when | invoking programs via a script. Good for it. It's working properly. Suid scripts are a dangerous security hole. Don't use'em. If you haven't disabled setuid scripts on your system, do that. Then, put a little C program wrapper around your script with the following program (thanks Larry) (by the way, this program is its own manpage in the format that Larry developed... if you don't have pl28 running, throw away anything that doesn't look like a Perl program before execution): ================================================== snip here #!/usr/bin/perl 'di'; 'ig00'; # # $Header$ # # $Log$ if ($#ARGV >= 0) { @list = @ARGV; foreach $name (@ARGV) { die "You must use absolute pathnames.\n" unless $name =~ m|^/|; } } else { open(DF,"/etc/mount|") || die "Can't run /etc/mount"; while (<DF>) { chop; $_ .= <DF> if length($_) < 50; @ary = split; push(@list,$ary[2]) if ($ary[0] =~ m|^/dev|); } } $fslist = join(' ',@list); die "Can't find local filesystems" unless $fslist; open(FIND, "find $fslist -xdev -type f \\( -perm -04000 -o -perm -02000 \\) -print|"); while (<FIND>) { chop; next unless -T; print "Fixing ", $_, "\n"; ($dir,$file) = m|(.*)/(.*)|; chdir $dir || die "Can't chdir to $dir"; ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime, $blksize,$blocks) = stat($file); die "Can't stat $_" unless $ino; chmod $mode & 01777, $file; # wipe out set[ug]id bits rename($file,".$file"); open(C,">.tmp$$.c") || die "Can't write C program for $_"; $real = "$dir/.$file"; print C ' main(argc,argv) int argc; char **argv; { execv("' . $real . '",argv); } '; close C; system '/bin/cc', ".tmp$$.c", '-o', $file; die "Can't compile new $_" if $?; chmod $mode, $file; chown $uid, $gid, $file; unlink ".tmp$$.c"; chdir '/'; } ############################################################################## # These next few lines are legal in both Perl and nroff. .00; # finish .ig 'di \" finish diversion--previous line must be blank .nr nl 0-1 \" fake up transition to first page again .nr % 0 \" start at page 1 ';__END__ ############# From here on it's a standard manual page ############ .TH SUIDSCRIPT 1 "July 30, 1990" .AT 3 .SH NAME suidscript \- puts a compiled C wrapper around a setuid or setgid script .SH SYNOPSIS .B suidscript [dirlist] .SH DESCRIPTION .I Suidscript creates a small C program to execute a script with setuid or setgid privileges without having to set the setuid or setgid bit on the script, which is a security problem on many machines. Specify the list of directories or files that you wish to process. The names must be absolute pathnames. With no arguments it will attempt to process all the local directories for this machine. The scripts to be processed must have the setuid or setgid bit set. The suidscript program will delete the bits and set them on the wrapper. .PP Non-superusers may only process their own files. .SH ENVIRONMENT No environment varialbes are used. .SH FILES None .SH AUTHOR Larry Wall .SH "SEE ALSO" .SH DIAGNOSTICS .SH BUGS .ex ================================================== snip here eval unpack("u","A<')I;G0@)TIU<W0@86YO=&AE<B!097)L(&AA8VME<BPG") -- /=Randal L. Schwartz, Stonehenge Consulting Services (503)777-0095 ==========\ | on contract to Intel's iWarp project, Beaverton, Oregon, USA, Sol III | | merlyn@iwarp.intel.com ...!any-MX-mailer-like-uunet!iwarp.intel.com!merlyn | \=Cute Quote: "Welcome to Portland, Oregon, home of the California Raisins!"=/