From: Matthew Seaman
To: freebsd-questions@freebsd.org
Subject: Re: minimize use of root account
Date: Sat, 20 Feb 2016 09:42:08 +0000
Message-ID: <56C834F0.4020000@FreeBSD.org>
In-Reply-To: <20160219221111.5ead3364.freebsd@edvax.de>
References: <20160219120503.fc97ef10.freebsd@edvax.de> <56C72C45.2050606@qeng-ho.org> <20160219221111.5ead3364.freebsd@edvax.de>
On 19/02/2016 21:11, Polytropon wrote:
>> I thought suid scripts were disabled years ago because they were a major
>> security loophole?
> You're right - it's the case.
>
> % ll root_test.sh
> -rwsr-sr-x 1 poly poly 24 2016-02-19 19:25:20 root_test.sh*
>
> % cat root_test.sh
> #!/bin/sh
> id -u
> whoami
>
> % ./root_test.sh
> 2000
> poly
>
> % sudo ./root_test.sh
> 0
> root
>
> I think this is fully intended.

Although 'no setuid scripts' is pretty well embedded in the Unix psyche, I
was under the impression the underlying problem had been fixed some time
ago.

The problem with a setuid script is that there is a window of opportunity
between the system opening the script, parsing the #! line, firing up the
appropriate interpreter and having that *reopen* the script to execute it
-- if you can replace the script at just the right time, you can get
anything executed with root permissions.

This was solved, as I recall, by the system passing its already open file
descriptor on the original script to the interpreter. That requires the
fdescfs pseudo-filesystem to be mounted, which populates /dev/fd. You need
the full fdescfs mounted -- devfs only gives you file descriptor devices
for stdin, stdout and stderr for a process, and that's not enough.

Even so, irrespective of fdescfs being mounted or not, it seems setuid
scripts are still disallowed.
Cheers,

Matthew
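The following is an added illustration of the point Matthew makes about the re-open window; it is not code from the thread or from FreeBSD. It runs unprivileged in a temporary directory with no setuid bit involved: it opens a constructed sample script (the same role the kernel's first open plays), atomically swaps a different file in under the same name, and then reads the script three ways. Reading by path sees the replacement, reading through the descriptor that was held open sees the original, and reading through /dev/fd/N (what the kernel hands an interpreter instead of a path, which on FreeBSD needs fdescfs mounted) also sees the original. The file names, contents and helper names are constructed for the example; the /dev/fd reading is reported as None where that node is not available.

```python
"""Added example (not from the mailing-list thread): why an interpreter that
re-opens a script *by path* can see a different file than the one the kernel
checked, and why reusing the already-open descriptor (or /dev/fd/N) does not.
Runs unprivileged in a throwaway directory; no setuid bit is set anywhere."""
import os
import tempfile

# Constructed sample contents for the demonstration.
ORIGINAL = "#!/bin/sh\necho original\n"
REPLACEMENT = "#!/bin/sh\necho replaced\n"


def write_file(path: str, content: str) -> None:
    with open(path, "w") as f:
        f.write(content)


def read_via_path(path: str) -> str:
    # The fragile pattern: the name is resolved again at read time, so it
    # can point at something other than what was originally opened.
    with open(path) as f:
        return f.read()


def read_via_fd(fd: int) -> str:
    # The robust pattern: keep reading the descriptor that was validated.
    os.lseek(fd, 0, os.SEEK_SET)
    chunks = []
    while True:
        chunk = os.read(fd, 4096)
        if not chunk:
            return b"".join(chunks).decode()
        chunks.append(chunk)


def read_via_devfd(fd: int):
    # /dev/fd/N refers to the open file itself, not to the path it was
    # opened from. On FreeBSD the full fdescfs is needed for N > 2; where
    # the node is absent (minimal containers, devfs only) report None.
    devfd = f"/dev/fd/{fd}"
    if not os.path.exists(devfd):
        return None
    try:
        with open(devfd) as f:
            return f.read()
    except OSError:
        return None


def demonstrate_reopen_race(workdir: str) -> dict:
    """Open the script, swap the file behind its name, then read it three ways."""
    script = os.path.join(workdir, "root_test.sh")   # constructed name
    write_file(script, ORIGINAL)
    fd = os.open(script, os.O_RDONLY)                # the "first open"
    try:
        # Atomically point the same name at a different file (rename(2)).
        staged = os.path.join(workdir, "staged.sh")
        write_file(staged, REPLACEMENT)
        os.rename(staged, script)
        return {
            "by_path": read_via_path(script),
            "by_fd": read_via_fd(fd),
            "by_devfd": read_via_devfd(fd),
        }
    finally:
        os.close(fd)


def run_demo() -> dict:
    """Run the demonstration in a temporary directory and return the readings."""
    with tempfile.TemporaryDirectory() as d:
        return demonstrate_reopen_race(d)


if __name__ == "__main__":
    for how, content in run_demo().items():
        print(f"{how:9s} -> {content!r}")
```

The defensive lesson is the one the mail describes: once a privileged component has opened and checked a file, every later consumer should work from that descriptor (or a /dev/fd/N alias of it), never from the path, and on FreeBSD that alias only exists for descriptors above 2 when fdescfs is mounted on /dev/fd.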