Last Updated: February 25, 2016 · sheerun

Never set SUID bit on shell scripts

Because of a fundamental flaw with the UNIX implementation of shell scripts and SUID, you cannot execute SUID shell scripts in a completely secure manner on systems that do not support the /dev/fd device. This flaw arises because executing a shell script under UNIX involves a two-step process: when the kernel determines that a shell script is about to be run, it first starts up a SUID copy of the shell interpreter, then the shell interpreter begins executing the shell script. Because these two operations are performed in two discrete steps, you can interrupt the kernel after the first step and switch the file that the shell interpreter is about to execute. In this fashion, an attacker could get the computer to execute any shell script of his or her choosing, which essentially gives the attacker superuser privileges. Although this flaw is somewhat mitigated by the /dev/fd device, even on systems that do support a /dev/fd device, SUID shell scripts are very dangerous and should be avoided.

Reference: http://docstore.mik.ua/orelly/networking/puis/ch05_05.htm
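
To act on this advice you first need to know whether any SUID scripts exist on a system. The following audit is an added example, not part of the original tip or the referenced book: it lists setuid/setgid files that begin with `#!` and can clear the bits on them. The function names and the sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit a tree for setuid/setgid files that are interpreter
# scripts, i.e. whose first two bytes are "#!". All names are illustrative.

# is_script FILE: succeed if FILE starts with "#!" (NUL bytes are dropped so
# binary headers do not trigger shell warnings).
is_script() {
    [ "$(LC_ALL=C head -c 2 "$1" 2>/dev/null | tr -d '\000')" = '#!' ]
}

# find_suid_scripts DIR: print the path of every regular file under DIR that
# has the setuid (4000) or setgid (2000) bit set and is a script.
# Paths are read line by line, so names containing newlines are not handled.
find_suid_scripts() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        if is_script "$f"; then printf '%s\n' "$f"; fi
    done
}

# strip_suid_scripts DIR: clear both bits on every script found; the status
# is non-zero if any chmod failed.
strip_suid_scripts() {
    find_suid_scripts "$1" | {
        rc=0
        while IFS= read -r f; do chmod u-s,g-s "$f" || rc=1; done
        [ "$rc" -eq 0 ]
    }
}

# make_sample_tree DIR: constructed sample input for trying the functions.
make_sample_tree() {
    printf '#!/bin/sh\nid\n' > "$1/backup.sh"   # setuid script: reported
    printf '#!/bin/sh\nid\n' > "$1/plain.sh"    # script without the bit
    printf '\177ELF\001\001' > "$1/tool"        # setuid, but not a script
    chmod 4755 "$1/backup.sh" "$1/tool"
    chmod 0755 "$1/plain.sh"
}

# Usage: sh audit.sh /usr/local/bin
if [ "$#" -gt 0 ]; then find_suid_scripts "$1"; fi
```

Run it as root so that unreadable files are not silently skipped, and review the list before calling `strip_suid_scripts`.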
