is sudo shellscript secure ?


Post by Alexander Bluh » Thu, 11 May 2000 04:00:00



When I set the s-bit on a shell-script, it is ignored by the kernel.
I think that is what all UNIXes do, I tried it with Linux.
But I don't know why this is done. Does there exist an exploit,
or is it just too easy to write insecure SUID-root shell scripts ?

So my second question is, is it secure to give a shell script
root privileges with sudo ?

And third, if it is not secure in general, is it secure when
I just use a very simple shell script without commandline parsing ?

I want to enable my users to mount the cdromdrive under OpenBSD,
and I have not found an 'user' fstab option as it exists in Linux.
So I wrote a script like this

#!/bin/sh
/sbin/mount /mnt/cdrom

and put it into sudoers.

Alex

 
 
 


Post by Bill Woodfo » Thu, 11 May 2000 04:00:00




>When I set the s-bit on a shell-script, it is ignored by the kernel.
>I think that is what all UNIXes do, I tried it with Linux.
>But I don't know why this is done. Does there exist an exploit,
>or is it just too easy to write insecure SUID-root shell scripts ?

In my experience (limited as it is) I've found most discouraged the use of
the SUID bit if it isn't absolutely necessary.

>So my second question is, is it secure to give a shell script
>root privileges with sudo ?

You could, but why not just put `mount /mnt/cdrom` and `umount /mnt/cdrom`
in the sudoers file instead?  That way you don't have to worry about
whether the shell script will be secure :)  But honestly, I believe it
would be fine.  I have a sudoers file set up on some of my work machines so
users can start and stop certain services on their machines.

>And third, if it is not secure in general, is it secure when
>I just use a very simple shell script without commandline parsing ?

I don't know enough about shell scripts to know whether one can trap command
line arguments, but I'd tentatively say yes.  However, if you're running the
shell script via sudo, then command line arguments should be an issue, as
the command issued must match the command listed in the sudoers file for a
given user (or group).

>I want to enable my users to mount the cdromdrive under OpenBSD,
>and I have not found an 'user' fstab option as it exists in Linux.
>So I wrote a script like this

>#!/bin/sh
>/sbin/mount /mnt/cdrom

>and put it into sudoers.

I'll leave it to the security gurus to tell you whether what you've written
would be problematic, but it looks OK to me (FWIW).

--
Bill Woodford

20 days, 5 hours and 53 minutes remaining.

 
 
 


Post by mips » Fri, 12 May 2000 04:00:00




> >When I set the s-bit on a shell-script, it is ignored by the kernel.
> >I think that is what all UNIXes do, I tried it with Linux.
> >But I don't know why this is done. Does there exist an exploit,
> >or is it just too easy to write insecure SUID-root shell scripts ?

> In my experience (limited as it is) I've found most discouraged the use of
> the SUID bit if it isn't absolutely necessary.

That's why the suid bit disappears when the file is modified; it's a
mechanism to prevent evil use of them ;)

mips

 
 
 

1. secure shellscript menu?

Hi, I've been looking for this but haven't had luck in finding
conclusive information. Probably someone can help me here.
I want to restrict access to a production server by allowing users
to perform actions through a menu and avoid them getting to the shell. I'm
still unsure if this will work and would like some comments on it.

I have put up the following scheme: (users will login with user
monitor)

--- /etc/passwd ---
monitor:*:228:15::/usr/users/monitor:/usr/users/monitor/menu.sh

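--- menu.sh ---
# Login "shell" for the monitor account: loop over a fixed menu.
while true
do
  clear
  echo "1. Directory Listing"
  echo "2. Good by"
  read opt
  case $opt in
    # Path matches the home directory given in /etc/passwd above.
    1) /usr/users/monitor/lslrt.sh ;;
    2) exit ;;
  esac
done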

--- lslrt.sh ---
clear
echo "Which directory do you want to list: \c"; read DIR
echo "Enter the file mask (i.e. *.log): \c"; read MASK
ls -lrt $DIR/$MASK|more
pause
----------

Is this secure enough? I'm worried that lslrt.sh may allow a user to
enter some weird input and gain shell access when the ls is executed.
If that is possible how could he do it and how could I prevent it?

Thanks,
Fernando
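
A hardened take on the lslrt.sh step from the post above, added here as an example and not code from the thread: the directory must match an allowlist exactly, the mask is limited to a single file-name pattern, every expansion is quoted or validated first, and the listing is printed directly rather than through an interactive pager. ALLOWED_DIRS, its paths, the function names and the --menu switch are assumptions.

```shell
#!/bin/sh
# Added example: hardened replacement for the lslrt.sh step.
# ALLOWED_DIRS is an assumed allowlist; the paths are hypothetical.
ALLOWED_DIRS="${ALLOWED_DIRS:-/var/log /usr/users/monitor/logs}"

# valid_dir DIR: succeed only if DIR is exactly one allowlisted path.
valid_dir() {
    for d in $ALLOWED_DIRS; do
        [ "$1" = "$d" ] && return 0
    done
    return 1
}

# valid_mask MASK: a single file-name pattern made of letters, digits,
# '.', '_', '-', '*' and '?'. No '/', whitespace, or leading '-' or '.'.
valid_mask() {
    case "$1" in
        ''|-*|.*) return 1 ;;
        *[!A-Za-z0-9._*?-]*) return 1 ;;
    esac
    return 0
}

# list_files DIR MASK: validate both values, then list matching files.
list_files() {
    valid_dir "$1" || { echo "directory not permitted" >&2; return 2; }
    valid_mask "$2" || { echo "file mask not permitted" >&2; return 3; }
    # cd into the checked directory so the glob expands only there;
    # the "./" prefix keeps any match from being parsed as an option.
    ( cd "$1" || exit 4
      set -- ./$2            # deliberate unquoted glob of a validated mask
      [ -e "$1" ] || { echo "no matching files" >&2; exit 0; }
      ls -lrt -- "$@" )
}

# Interactive entry point, used only when called with --menu.
if [ "${1:-}" = "--menu" ]; then
    printf 'Which directory do you want to list: '; IFS= read -r DIR
    printf 'Enter the file mask (i.e. *.log): '; IFS= read -r MASK
    list_files "$DIR" "$MASK"
fi
```

Anything that fails either check is refused before ls runs, so the only values that ever reach the command line are an allowlisted directory and file names the shell itself expanded inside it.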
