[kismac] Re: suid off

  • From: Brad Knowles <brad@xxxxxxxxxxxxxxxxxxx>
  • To: kismac@xxxxxxxxxxxxx
  • Date: Thu, 28 Apr 2005 21:06:07 +0200

At 10:53 PM +0800 2005-04-28, Robin L Darroch wrote:

 I know this is going a bit off-topic, but I'm curious to know why the
 SETUID bit is - in and of itself - a serious security risk.

It's not. But it does create the possibility for a huge and easily exploited hole.

                                                              Surely as
 long as the process in question is appropriately secure,

That's the hard part. It's tough enough to do with binary programs written in languages like C. It's pretty much impossible to "appropriately secure" a shell script.

 Looking at it a different way, how do "modern Unix systems" enable an
 ordinary user to achieve anything that would need admin permissions
 along the way?

MacOS X is a pretty modern Unix. In this particular respect, they all do the same sorts of things, in the same way. But setuid shell scripts have been problematic ever since the setuid bit concept was created. On other modern Unixes, they usually don't make any attempt to create setuid shell scripts anymore.

Brad Knowles, <brad@xxxxxxxxxxxxxxxxxxx>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

    -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
    Assembly to the Governor, November 11, 1755

  SAGE member since 1995.  See <http://www.sage.org/> for more info.

Other related posts: