From: Barry Margolin on 2 Jun 2010 20:44

In article <1jjg9jg.1tmq85y1c249qgN%nospam(a)see.signature>,
nospam(a)see.signature (Richard Maine) wrote:

> Wes Groleau <Groleau+news(a)FreeShell.org> wrote:
>
> > On 06-01-2010 23:48, Barry Margolin wrote:
> >
> > > Is MG a script? setuid doesn't work for scripts.
> >
> > Hmmm. Is that an Apple "security enhancement"?
> >
> > It worked on other Unixes I've been on.
>
> Are you sure? I don't recall it as working on ones I've used, and I

I think it works on Solaris, but not most other Unixes.

> don't off-hand see how it could work. Setuid changes the effective uid
> of the process, but a shell script doesn't involve a separate process
> other than the shell.

Since the script is run in a separate shell process, it *can* work. The
system specifically prohibits it for security reasons.

Suppose there's a setuid-root shell script /bin/setuid_script. You create
a link to it in your directory, call this ~/myscript. Then you run
~/myscript. The OS executes:

/bin/sh ~/myscript

as root. As this is starting up, you remove the link to /bin/setuid_script
and replace it with a script of your own. Now the system will run YOUR
script with root privileges.

Solaris uses a trick to solve this. When the script is setuid, the kernel
opens the script file, and then executes:

/bin/sh /dev/fd/<fdnum>

Since the interpreter is no longer accessing the script by its filename,
the user can't redirect it to a different file.

For some reason, I don't think most other flavors of Unix have adopted
this technique.

-- 
Barry Margolin, barmar(a)alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
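The following is an added illustration, not code from the post or from any Unix kernel: it shows the property the Solaris /dev/fd trick relies on. Once a descriptor is open, re-pointing the original pathname at a different file (the window the post describes) has no effect on what /dev/fd/N reads, because the descriptor is bound to the already-opened file, not to the name. It assumes a Linux-style /dev/fd (a link to /proc/self/fd) and a writable /tmp; the file names and contents are constructed for the demo.

```c
/* Added example: why handing the interpreter /dev/fd/N instead of a pathname
 * closes the rename/relink race described in the post.
 * Assumes /dev/fd behaves like Linux's /proc/self/fd. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Write `text` to `path`, creating or truncating it. Returns 0 on success. */
static int write_file(const char *path, const char *text) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Returns 1 if reading through /dev/fd/<fd> still yields the content that was
 * present when the descriptor was opened (the trusted script), 0 if it yields
 * the replacement, -1 on any setup error. */
int fd_path_survives_swap(void) {
    char dir[] = "/tmp/setuid_demo_XXXXXX";          /* constructed temp dir */
    if (!mkdtemp(dir)) return -1;

    char script[256], replacement[256], devfd[64];
    snprintf(script, sizeof script, "%s/script", dir);
    snprintf(replacement, sizeof replacement, "%s/other", dir);
    const char *original = "echo trusted\n";         /* constructed contents */
    const char *swapped  = "echo replaced\n";

    int result = -1, fd = -1, fd2 = -1;
    if (write_file(script, original) < 0) goto cleanup;

    /* Step 1: the kernel opens the setuid script before exec'ing the shell. */
    fd = open(script, O_RDONLY);
    if (fd < 0) goto cleanup;

    /* Step 2: in the window before the interpreter reads it, the pathname is
     * made to refer to a different file. */
    if (write_file(replacement, swapped) < 0) goto cleanup;
    if (rename(replacement, script) != 0) goto cleanup;

    /* Step 3: the interpreter is given /dev/fd/N, not the pathname, so it
     * reads the file that was opened in step 1. */
    snprintf(devfd, sizeof devfd, "/dev/fd/%d", fd);
    fd2 = open(devfd, O_RDONLY);
    if (fd2 < 0) goto cleanup;
    char buf[64] = {0};
    ssize_t n = read(fd2, buf, sizeof buf - 1);
    if (n < 0) goto cleanup;
    result = strcmp(buf, original) == 0 ? 1 : 0;

cleanup:
    if (fd2 >= 0) close(fd2);
    if (fd >= 0) close(fd);
    unlink(script);
    unlink(replacement);
    rmdir(dir);
    return result;
}

int main(void) {
    int r = fd_path_survives_swap();
    printf("/dev/fd read returned the originally opened file: %s\n",
           r == 1 ? "yes" : r == 0 ? "no" : "error");
    return r == 1 ? 0 : 1;
}
```

The same reasoning is why a compiled setuid wrapper that opens its script and passes /dev/fd/N is safer than one that re-resolves a pathname: the check (what file is this?) and the use (interpreting it) happen on one open file description.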