`here' document in suid-wrapped shell script -- safe?

`here' document in suid-wrapped shell script -- safe?

Post by Ralf Fasse » Sat, 14 Jun 1997 04:00:00



G'Day,
scenario:

suid-root C wrapper:
    char *envp[] = {
        "PATH=/usr/sbin:/usr/bsd:/bin:/usr/bin",
        0
    };
    main()
    {
        execle("/bin/sh", "use-mo", MO_SCRIPT, NULL, envp);
        perror("execle of /bin/sh " MO_SCRIPT " failed");
        exit(1);
    }
with MO_SCRIPT pointing to a (root-controlled :-) shell script in
/usr/local/bin.

[Q] Is it safe to use a `here' document in the shell script?

My understanding is that `here' documents are created as temporary files in
/tmp and fed to the program via stdin.  Now, if I guess to what the temp
file name will be and create a link in /tmp to some interesting system
file, would the shell detect this and not blindly dump the input on the
link?

Any input appreciated.
Regards
R'
--
Disinformation is not as good as datinformation.

 
 
 

1. how do i create a shell script that will rewrap itself to the correct shell wrap


   >shell scripts normally have to run under the same shell or at the
   >very least, you have to specify say ksh shellscript...
   >how do i create a shell script that will rewrap itself to the
   >correct shell wrapper regardless of what shell the user runs it
   >under?
   >so even if the user is under sh, the shell will auto-sense and put a
   >ksh wrapper on itself?
Find out where ksh is located on your system, and make the first line of
the script #! followed by the pathname, for example:
#!/bin/ksh
or
#!/usr/bin/ksh

Net-Tamer V 1.08X - Test Drive

2. INstall gftp geeft me dit

3. why don't my suid root shell scripts work under Solaris 2.5?

4. PPP and Ricochet

5. Solaris 2.6: 'Async safe' implies 'thread safe' ?

6. 2.5.63 bug when mounting dirty loopback ext3 filesystems

7. shell script's suid

8. HELP: Can MKlinux run stuff that regular Linux can?

9. Difference Between 'Safe' And 'MT-Safe' ML-Level

10. How do you make a safe SUID script?

11. Strange shell "feature" w/ 'HERE document in function'

12. How to securely execute SUID ROOT shell scripts?

13. help with suid shell script not doing what it should.