SGID/SUID on scripts

Stephane LAPIE stephane.lapie at darkbsd.org
Thu Jul 23 23:12:07 UTC 2009


Ivan Voras wrote:
> 2009/7/23  <perryh at pluto.rain.com>:
>> Ivan Voras <ivoras at freebsd.org> wrote:
>>> Presumingly, the biggest concern is with scripts owned by root.
>>> Who can unlink, move or change the script? The owner and his
>>> group can change it; the directory owner can unlink it ...
>> Anyone can make a link to such a script in, say, /tmp and then
>> mess with the link :(

Either way, allowing SUID on scripts without proper guarantees that you
actually run what you WANT to run would mean that you can basically
execute "whatever code you are able to slip in there" using someone
else's credentials, even if not root. You could be able to modify
scripts belonging to your own group, while not being able to execute
them as the owner user.

The point is: "ID/credential usurpation", even if not actually meaningful
(on a system level) "privilege escalation" per se, can be a grave enough
problem, especially in corporate environments. Therefore any
implementation allowing for this behavior should not be accepted, imho.
-- 
Stephane LAPIE, EPITA SRS, Promo 2005
"Even when they have digital readouts, I can't understand them."
--MegaTokyo
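
An audit sketch for the condition discussed in this message, added here as an example and not part of the original post: it lists set-id files that are interpreter scripts and flags those that group members or others can modify, or that have more than one hard link. The function names and finding labels are assumptions made for this example.

```python
import os
import stat

def classify(mode, nlink, head):
    """Findings for one file, from its st_mode, st_nlink and first two bytes."""
    if not stat.S_ISREG(mode) or not mode & (stat.S_ISUID | stat.S_ISGID):
        return []
    if head != b"#!":
        return []  # not an interpreter script: outside the scope of this check
    findings = []
    if mode & stat.S_ISUID:
        findings.append("setuid-script")
    if mode & stat.S_ISGID:
        findings.append("setgid-script")
    if mode & stat.S_IWGRP:
        findings.append("group-writable")  # group members can change what runs
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if nlink > 1:
        findings.append("hard-linked")  # the script has more than one name
    return findings

def audit(root):
    """Walk root; return sorted (path, owner_uid, findings) for set-id scripts."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                # O_NOFOLLOW: inspect the file itself, never a symlink's target.
                fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
            except OSError:
                continue  # symlink, unreadable or vanished entry
            try:
                st = os.fstat(fd)
                head = os.read(fd, 2) if stat.S_ISREG(st.st_mode) else b""
            finally:
                os.close(fd)
            findings = classify(st.st_mode, st.st_nlink, head)
            if findings:
                results.append((path, st.st_uid, findings))
    return sorted(results)

if __name__ == "__main__":
    import sys
    for path, uid, findings in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path} uid={uid} {','.join(findings)}")
```

Run it with enough privilege to read the files being audited; entries it cannot open are skipped.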
