SGID/SUID on scripts
Ivan Voras
ivoras at freebsd.org
Thu Jul 23 16:16:16 UTC 2009
DarkSoul wrote:
> Anthony Pankov wrote:
>> SGID/SUID bits don't work with shell scripts, do they?
>>
>> And no mention in chmod(1,2) manual.
>
> They don't.
>
> One reason for this is that, if they were applied, the following would
> occur:
> - execve() syscall reads your script's shebang line, and the script
> interpreter is executed, receiving the specified arguments along with
> the script name.
> - The interpreter then open()s the script file to read it, and run the code.
>
> The problem you then are faced with is that you have a time frame
> defined by the moment between the aforementioned execve() and open(),
> during which it could be possible to unlink/move/whatever the shell
> script the interpreter is going to open.
>
> You guess where this is going, you have no absolute way of guaranteeing
> you are executing the file you initially planned on opening because
> execution/opening/reading is not, and can't be done atomically for shell
> scripts.
Hmm...
Presumably, the biggest concern is with scripts owned by root. Who can
unlink, move or change the script? The owner and his group can change
it; the directory owner can unlink it. It looks like the targeted
problem is if root creates a script in a user-owned directory and then
makes it suid. It looks more like a PEBKAC than a system problem - is it
really so serious there is no sysctl to disable the check?
More information about the freebsd-hackers
mailing list
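
The ownership question raised in the thread can be checked mechanically. The following is an added example, not part of the original posts or of FreeBSD: it reports where an account other than root or the script's owner could change a SUID/SGID script or replace what its path names. It goes beyond the single parent directory discussed above by walking every ancestor directory and honouring the sticky bit; the function names and the choice of trusted accounts are assumptions.

```python
import os
import stat

SETID = stat.S_ISUID | stat.S_ISGID
LOOSE = stat.S_IWGRP | stat.S_IWOTH

def is_setid_script(path):
    """True if path is a regular file with SUID/SGID set that starts with '#!'."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode) or not st.st_mode & SETID:
        return False
    with open(path, "rb") as f:
        return f.read(2) == b"#!"

def swap_risks(path, top="/"):
    """Return (location, reason) pairs where an account other than root or the
    script's owner could modify the script or replace what its path names."""
    path, top = os.path.realpath(path), os.path.realpath(top)
    st = os.lstat(path)
    trusted = {0, st.st_uid}  # assumption: only root and the owner are trusted
    risks = []
    if st.st_mode & LOOSE:
        risks.append((path, "script is group/other-writable"))
    child, d = st, os.path.dirname(path)
    while True:
        ds = os.lstat(d)
        if ds.st_uid not in trusted:
            # The directory owner can unlink or rename entries in it.
            risks.append((d, "directory owned by uid %d" % ds.st_uid))
        elif ds.st_mode & LOOSE:
            # Sticky bit: only the entry's owner, the directory's owner or
            # root may unlink/rename, so a trusted-owned entry is protected.
            if not (ds.st_mode & stat.S_ISVTX and child.st_uid in trusted):
                risks.append((d, "directory is group/other-writable"))
        if d == top or d == os.path.dirname(d):
            return risks
        child, d = ds, os.path.dirname(d)

if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:  # paths to audit, given on the command line
        if is_setid_script(p):
            for where, why in swap_risks(p):
                print(f"{p}: {where}: {why}")
```

An empty result means every component of the path is controlled only by root or the script's owner; it says nothing about whether the kernel honours the bits on scripts.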