Re: chmod u+s confusion
> Hey,
>
> I've used chmod to set suid for a file before and thought I had a good
> grasp of how it worked. Recently I've found myself trying to set it for
> a script. Here's what I see ($ denotes user account, # is root):
>
> $ echo -e '#!/bin/sh\n\nwhoami'>whoami.sh
> # chown root:root whoami.sh
> # chmod 4755 whoami.sh
> $ ./whoami.sh
> chris
> # chmod u+s `which whoami`
> $ whoami
> root
>
> [Note: u+s is equivalent to 4xxx, sorry for the change-up]
>
> So... why doesn't this make whoami.sh run the 'whoami' program as root?
> It's worked for the program whoami, and is a common mode set on
> cdrecord.
>
> Thanks for your help (and enlightenment).
>
Bash (/bin/sh) may have its own check for whether it is run as root.
But there is also another problem with running setuid scripts.
It is the following:
Let's assume that the script is named "Script"
and the file Script has as its first line
#!/bin/interpreter
When the kernel gets the execve("Script", ... ) system call, it checks what
loader it should use. When the program starts with #!, the kernel instead
runs the program given on that line, giving the script file name as argument.
So it is as if
/bin/interpreter Script
is called.
Now there is a problem (perhaps also other problems). If Script
is replaced with another file between the time /bin/interpreter is started
and the time /bin/interpreter opens the file given as argument, then
/bin/interpreter opens and interprets the wrong file.
This is especially a problem if Script is setuid root. Then /bin/interpreter
is executed as root. So it is better that the file which /bin/interpreter
opens is the same one for which the kernel started /bin/interpreter as root.
I do not know how Linux handles that. My impression is that many systems
do not honor the setuid bit on scripts because of this.
/ Kari Hurtta
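An audit helper for the misconfiguration discussed in this thread (setuid or setgid bits on "#!" scripts), added here as an example and not part of the original messages; it assumes only POSIX find, ls and dd:

```sh
#!/bin/sh
# Added example (not from the thread above): list files under a directory that
# carry the setuid or setgid bit AND begin with "#!". On Linux the kernel ignores
# the bit on such scripts (as the original poster observed); on systems that
# honor it, the interpreter is exposed to the file-swap race described above.
# Assumes POSIX find, ls and dd.

# Print "1" if the file starts with the two-byte "#!" interpreter magic, else "0".
is_shebang_file() {
    magic=$(dd if="$1" bs=2 count=1 2>/dev/null)
    if [ "$magic" = "#!" ]; then echo 1; else echo 0; fi
}

# Walk DIR for setuid (4000) or setgid (2000) regular files and print one line
# per file that is also a "#!" script: "<symbolic mode> <owner> <path>".
find_setuid_scripts() {
    dir=$1
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        if [ "$(is_shebang_file "$f")" = 1 ]; then
            # Field 1 of ls -ld is the mode (e.g. -rwsr-xr-x), field 3 the owner.
            set -- $(ls -ld "$f")
            printf '%s %s %s\n' "$1" "$3" "$f"
        fi
    done
}

# Number of offending files; usable as a pass/fail check in a cron job or CI.
count_setuid_scripts() {
    find_setuid_scripts "$1" | wc -l | tr -d ' '
}
```

A non-zero count is either a no-op bit that should be cleaned up or, on a system that does honor setuid scripts, a root-privilege risk to fix by replacing the script with a setuid binary or a sudo rule.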