From: "H. Peter Anvin" <hpa@zytor.com>
To: linux-kernel@vger.kernel.org
Subject: Re: hard links create local DoS vulnerability and security proble
Date: 24 Nov 2003 12:22:52 -0800 [thread overview]
Message-ID: <bptpas$sj0$1@cesium.transmeta.com> (raw)
In-Reply-To: xltptfhd0wk.fsf@shookay.newview.com
Followup to: <xltptfhd0wk.fsf@shookay.newview.com>
By author: Mathieu Chouquet-Stringer <mathieu@newview.com>
In newsgroup: linux.dev.kernel
>
> It's always been my understanding that you cannot have suid shell script
> because you could easily change the IFS. Am i wrong? (
>
Well, sort of.
You can't have a setuid shell script using #!/bin/bash because
/bin/bash doesn't support it.
You *can* have a setuid Perl script using #!/usr/bin/perl because Perl
knows how to run setuid safely.
It's up to the script interpreter (if it is setuid or has an setuid
wrapper available -- Perl does it the latter way) to decide to honour
the setuid bit on a script.
If you really want to use a setuid script, you can create
a setuid /usr/bin/setuidbash which would do whatever sanitization you
felt was appropriate, and then exec bash with the appropriate
permissions. Then put #!/usr/bin/setuidbash in your scripts.
-hpa
--
<hpa@transmeta.com> at work, <hpa@zytor.com> in private!
If you send me mail in HTML format I will assume it's spam.
"Unix gives you enough rope to shoot yourself in the foot."
Architectures needed: ia64 m68k mips64 ppc ppc64 s390 s390x sh v850 x86-64
next prev parent reply other threads:[~2003-11-24 20:23 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-11-24 16:36 hard links create local DoS vulnerability and security problems Jakob Lell
2003-11-24 17:05 ` Måns Rullgård
2003-11-24 20:42 ` Mike Fedyk
2003-11-24 17:14 ` Richard B. Johnson
2003-11-24 17:35 ` Jamie Lokier
2003-11-24 18:57 ` aic7xxx loading oops in 2.6.0-test10 Alexander Nyberg
2003-11-24 20:03 ` Ken Witherow
[not found] ` <Pine.LNX.4.58.0311241524310.1245@morpheus>
2003-11-24 20:49 ` Ken Witherow
2003-11-24 23:42 ` Dick Streefland
2003-11-25 3:16 ` hard links create local DoS vulnerability and security problems Matthias Andree
2003-11-25 14:48 ` Jan Kara
2003-11-25 15:27 ` Jakob Lell
2003-11-24 17:37 ` Rudo Thomas
2003-11-24 18:10 ` Richard B. Johnson
2003-11-24 18:22 ` Valdis.Kletnieks
2003-11-24 22:17 ` [OT] " Rudo Thomas
2003-11-24 17:57 ` Jakob Lell
2003-11-24 18:08 ` splite
2003-11-24 18:13 ` Richard B. Johnson
2003-11-24 18:24 ` Jakob Lell
2003-11-24 23:57 ` bill davidsen
2003-11-24 18:18 ` Jakob Lell
2003-11-24 18:29 ` Valdis.Kletnieks
2003-11-24 19:25 ` hard links create local DoS vulnerability and security proble Mathieu Chouquet-Stringer
2003-11-24 20:00 ` Valdis.Kletnieks
2003-11-24 20:02 ` Mathieu Chouquet-Stringer
2003-11-24 20:22 ` H. Peter Anvin [this message]
2003-11-24 18:21 ` hard links create local DoS vulnerability and security problems Michael Buesch
2003-11-24 18:35 ` Jakob Lell
2003-11-24 18:53 ` Chris Wright
2003-11-25 0:04 ` bill davidsen
2003-11-25 13:54 ` Jesse Pollard
2003-11-24 23:50 ` bill davidsen
2003-11-25 0:22 ` Mike Fedyk
2003-11-25 0:35 ` Chris Wright
2003-11-25 8:15 ` Amon Ott
2003-11-25 16:11 ` Bill Davidsen
2003-11-25 11:26 ` Gianni Tedesco
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='bptpas$sj0$1@cesium.transmeta.com' \
--to=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox