What are the ramifications of enabling setuid scripts?


Post by Ed Finc » Fri, 28 Aug 1998 04:00:00



We have about 400 Unix servers, mostly Solaris systems.
On IRIX 6.2 (the SGI OS) the default is to disallow the
execution of setuid scripts. A request has been made to
enable setuid scripts on the SGIs, and I would like to
start a discussion on the pros/cons of setuid scripts
in general.

Thanks in advance,
Ed

   Q: Why do PCs have a reset button on the front?
   A: Because they are expected to run Microsoft operating systems.

 
 
 


Post by Arran Pric » Tue, 01 Sep 1998 04:00:00



> We have about 400 Unix servers, mostly Solaris systems.
> On IRIX 6.2 (the SGI OS) the default is to disallow the
> execution of setuid scripts. A request has been made to
> enable setuid scripts on the SGIs, and I would like to
> start a discussion on the pros/cons of setuid scripts
> in general.

> Thanks in advance,
> Ed

>    Q: Why do PCs have a reset button on the front?
>    A: Because they are expected to run Microsoft operating systems.

Setuid scripts can be a security problem, mainly because as a script it's
easy to tell what the script does and therefore try and do something
malicious with it. A compiled program of course just looks like so much
gobbledygook. I have tended to create C wrappers for any scripts I need
to run as root. There are instructions on how to do this in numerous
places (unfortunately I don't have any examples with me).
Another alternative is the use of sudo. It allows restricted root-type
access (and is available on practically all versions of Unix).

Hope that helps

Arran
My opinions are my own and do not reflect those of my employer.

 
 
 


Post by Paul Sco » Tue, 01 Sep 1998 04:00:00





>> We have about 400 Unix servers, mostly Solaris systems.
>> On IRIX 6.2 (the SGI OS) the default is to disallow the
>> execution of setuid scripts. A request has been made to
>> enable setuid scripts on the SGIs, and I would like to
>> start a discussion on the pros/cons of setuid scripts
>> in general.

>Setuid scripts can be a security problem, mainly because as a script its
                                           ^^^^^^^^^^^^^^

mainly because ANY suid shell script that I can execute (even if it
only has execute permission so I can't see what it does) will allow me to
get in as the suid user.

This has been discussed a lot before. Setuid scripts are really bad.

Paul Scott

 
 
 


Post by Steve Madi » Wed, 16 Sep 1998 04:00:00



: We have about 400 Unix servers, mostly Solaris systems.
: On IRIX 6.2 (the SGI OS) the default is to disallow the
: execution of setuid scripts. A request has been made to
: enable setuid scripts on the SGIs, and I would like to
: start a discussion on the pros/cons of setuid scripts
: in general.

A setuid script, in order to work, has to be readable by the person
executing it (world-readable generally).  While this doesn't allow
the person reading it to change it, it *does* give him an extremely
* view of what the script is doing.  Thus if the script has any
security flaws, no matter how bizarre or obscure, the user has the
ability to discover them by deduction.  Sometimes you can be bitten
by stuff you would never expect.  (For example I remember one script
that did an "eval" on a string that contained some user input.  So
a user sees this and devises an input value that will cause that
eval to execute a command, for example "chmod 777 /etc/shadow".)

To solve your problem:

It is extremely dead simple to make a C program like so:

#include <stdlib.h>

int main(void)
{
    /* system() hands this string to /bin/sh -c */
    system( "commandline to run the script here" );
    return 0;
}

And compile it and make it setuid.  Have it run the script.  Then the
script itself can be readable only by root and ordinary users cannot
see how it works, but the setuid C program can read it as root and run
it.

If you need something more versatile, look into "sudo".
--
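
A hardened form of the C wrapper approach discussed in the posts above, as an added example that is not part of the original thread: it execs the script directly instead of going through system(), replaces the caller's environment, and rejects arguments that could carry shell syntax such as the "eval" input mentioned above. SCRIPT_PATH, the allowed character set and the assumption that the wrapper is installed setuid root are illustrative choices, not from the thread.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical path: a root-owned script readable only by root (mode 0700). */
#define SCRIPT_PATH "/usr/local/libexec/example-task.sh"
#define MAX_ARG_LEN 64

/* Fixed environment: the caller's PATH, IFS, ENV, LD_* never reach the script. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };

/* Accept only short arguments of [A-Za-z0-9._-] not starting with '-'. */
int is_safe_arg(const char *arg)
{
    size_t len = strlen(arg);
    if (len == 0 || len > MAX_ARG_LEN || arg[0] == '-')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)arg[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return 0;
    }
    return 1;
}

/* Index of the first rejected argument, or 0 when every argument passes. */
int first_bad_arg(int argc, char *const argv[])
{
    for (int i = 1; i < argc; i++)
        if (!is_safe_arg(argv[i]))
            return i;
    return 0;
}

int main(int argc, char *argv[])
{
    int bad = first_bad_arg(argc, argv);
    if (bad) {
        fprintf(stderr, "argument %d rejected\n", bad);
        return 2;
    }
    /* Installed setuid root, this sets real, effective and saved uid to 0. */
    if (setuid(geteuid()) != 0)
        return 1;
    argv[0] = SCRIPT_PATH;
    execve(SCRIPT_PATH, argv, CLEAN_ENV); /* direct exec: no "sh -c" parsing */
    perror("execve");
    return 1;
}
```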

 
 
 
