minimize use of root account
matthew at FreeBSD.org
Sat Feb 20 09:42:26 UTC 2016
On 19/02/2016 21:11, Polytropon wrote:
>> I thought suid scripts were disabled years ago because they were a major
>> security loophole?
> You're right - it's the case.
> % ll root_test.sh
> -rwsr-sr-x 1 poly poly 24 2016-02-19 19:25:20 root_test.sh*
> % cat root_test.sh
> id -u
> % ./root_test.sh
> % sudo ./root_test.sh
> I think this is fully intended.
Although 'no setuid scripts' is pretty well embedded in the Unix psyche,
I was under the impression the underlying problem had been fixed some
The problem with a setuid script is that there is a window of
opportunity between the system opening the script, parsing the #! line,
firing up the appropriate interpreter and having that *reopen* the
script to execute it -- if you can replace the script at just the right
time, you can get anything executed with root permissions.
This was solved, as I recall, by the system passing its already open
file descriptor on the original script to the interpreter. That
requires the fdescfs pseudo-filesystem to be mounted, which populates
/dev/fd. You need the full fdescfs mounted -- devfs only gives you
filedescriptor devices for stdin, stdout and stderr for a process, and
that's not enough.
Even so, irrespective of fdescfs being mounted or not, it seems setuid
scripts are still disallowed.
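The two points in the message above (the kernel will not honour the setuid bit on a `#!` script, and the descriptor-passing fix needs a full fdescfs on /dev/fd) turned into a small audit script. This is an added example, not code from the thread or from FreeBSD; the `mount(8)` output pattern it greps for is an assumption.

```shell
#!/bin/sh
# Added audit example (not from the thread, not FreeBSD's own tooling).
# The kernel refuses to honour the setuid/setgid bits on '#!' scripts, so
# any such file is a misconfiguration that deserves a look.

# Report whether a full fdescfs is mounted on /dev/fd, the prerequisite the
# message names for passing the already-open script descriptor to the
# interpreter.  Assumes mount(8) prints "fdescfs on /dev/fd" (FreeBSD form);
# prints "yes" or "no".
fdescfs_mounted() {
    if mount 2>/dev/null | grep -q '^fdescfs on /dev/fd'; then
        echo yes
    else
        echo no
    fi
}

# Print every regular file under $1 that carries a setuid or setgid bit and
# starts with the '#!' magic, one path per line.  Reading only the first
# two bytes keeps the scan cheap and never executes the file.
find_setuid_scripts() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        if [ "$(head -c 2 "$f" 2>/dev/null)" = '#!' ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Stand-alone use: ./audit.sh /usr/local/bin
if [ $# -gt 0 ]; then
    echo "fdescfs on /dev/fd: $(fdescfs_mounted)"
    find_setuid_scripts "$1"
fi
```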