Archive: Unix Shell, January 2007
Question about Suid
Lie-Algebra 2007-01-22, 1:16 pm

Hello,
I was wondering how I am supposed to proceed if I had to call a shell
script and/or function inside a C/C++ code.
As a shell script can't be setuid, I guess it could be possible, or at least
conceivable, to use a binary instead.
Assuming it does work for a simple script, would it be possible to
enclose a whole script in a C code and give the resulting binary the
appropriate set-uid permission?
One could object that it would be sufficient to run the script with the
required permission, but back in the context, I needed to find a
password-independent way to run some scripts, as the passwords on those
boxes were changed often. (Don't laugh at me, it's true...)
As I have time now, I was curious about experimenting with the above.
Could it work?
Thanks
E.S
Bill Marcum 2007-01-22, 7:20 pm

On Mon, 22 Jan 2007 15:54:49 +0100, Lie-Algebra
<Lie-Algebra@Amitsur-Levitski.net> wrote:
>
>
> Hello,
>
> I was wondering how I am supposed to proceed if I had to call a shell
> script and/or function inside a C/C++ code.
>
system() or popen()
> As a shell script can't be setuid, I guess it could be possible, or at least
> conceivable, to use a binary instead.
>
If the C code is setuid, the called shell script would inherit the real
and effective uids.
> Assuming it does work for a simple script, would it be possible to
> enclose a whole script in a C code and give the resulting binary the
> appropriate set-uid permission?
>
> One could object that it would be sufficient to run the script with the
> required permission, but back in the context, I needed to find a
> password-independent way to run some scripts, as the passwords on those
> boxes were changed often. (Don't laugh at me, it's true...)
>
Have you heard of sudo? Or ssh with public and private keys?
--
You never know what is enough until you know what is more than enough.
-- William Blake
Michael Paoli 2007-01-23, 1:26 am

Lie-Algebra wrote:
> I was wondering how I am supposed to proceed if I had to call a shell
> script and/or function inside a C/C++ code.
> As a shell script can't be setuid, I guess it could be possible, or at least
> conceivable, to use a binary instead.
> Assuming it does work for a simple script, would it be possible to
> enclose a whole script in a C code and give the resulting binary the
> appropriate set-uid permission?
> One could object that it would be sufficient to run the script with the
> required permission, but back in the context, I needed to find a
> password-independent way to run some scripts, as the passwords on those
> boxes were changed often. (Don't laugh at me, it's true...)
> As I have time now, I was curious about experimenting with the above.
> Could it work?
B) it often won't work:
news:87qllc$954@crl.crl.com
A) such an approach as you're suggesting would generally be quite
ill-advised, even if it would work.
news:1168244268.925931.274190@51g2000cwl.googlegroups.com
Mark Hobley 2007-01-23, 8:03 pm

Lie-Algebra <Lie-Algebra@amitsur-levitski.net> wrote:
> As a shell script can't be setuid, I guess it could be possible, or at least
> conceivable, to use a binary instead.
You can compile a shell script using shc, the shell script compiler. The
resultant binary can then be setuid.
Regards,
Mark.
--
Mark Hobley
393 Quinton Road West
QUINTON
Birmingham
B32 1QE
Telephone: (0121) 247 1596
International: 0044 121 247 1596
Email: markhobley at hotpop dot donottypethisbit com
http://markhobley.yi.org/
Bruce Barnett 2007-01-25, 1:32 am

markhobley@hotpop.deletethisbit.com (Mark Hobley) writes:
> You can compile a shell script using shc, the shell script compiler. The
> resultant binary can then be setuid.
Uhh.... It's HARD to write a wrapper for a setuid program.
Does shc handle this? I never looked into it myself.
Suppose the script called a program that has a shell escape, like vi?
Can the PATH be modified, and a trojan inserted?
Can any other environment variable be modified and used to break root?
What if a file descriptor is connected to a dangerous file?
--
Sending unsolicited commercial e-mail to this account incurs a fee of
$500 per message, and acknowledges the legality of this contract.
Mark Hobley 2007-01-29, 1:32 am

Bruce Barnett <spamhater123+U070124213407@grymoire.com> wrote:
> Does shc handle this? I never looked into it myself.
It looks like it just encrypts your shell script, and then when the binary is
run, the original script is decrypted and run in the shell.
So, if you are running your shell as root, then yes, your editor would run as
root also, and you could insert a trojan.
So you would need to check that your script doesn't break out before you
compile it.
A better solution would be to have a look at what you needed the root
privileges for in the first place, and handle these through user and group
access, leaving the shell script to run as a normal user.
Regards,
Mark.
--
Mark Hobley
393 Quinton Road West
QUINTON
Birmingham
B32 1QE
Telephone: (0121) 247 1596
International: 0044 121 247 1596
Email: markhobley at hotpop dot donottypethisbit com
http://markhobley.yi.org/
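Bruce's questions (PATH, other environment variables, inherited file descriptors) and Mark's point that a compiled script still runs the shell as root are the two halves of why a setuid wrapper around a script is hard to get right. The following is an added example, not code from any poster in this thread or from shc, of the minimum a setuid C wrapper has to do before it touches a shell: hard-code the target path instead of taking it from the caller, replace the inherited environment with a fixed one, make sure fds 0-2 are open and close everything above them, and use execve() rather than system() or popen() (both of which run /bin/sh -c with the caller's environment). The script path /usr/local/libexec/rotate-logs.sh and the allowed-variable list are assumptions for illustration. The kernel ignores the setuid bit on a #! script, but it does honour it on this binary, and the interpreter started by execve() inherits the binary's effective uid, which is exactly why the environment and descriptors must be cleaned first.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

extern char **environ;

/* Hypothetical fixed target: the wrapper hard-codes an absolute path and never
   lets the caller choose what runs. */
#define TARGET_SCRIPT "/usr/local/libexec/rotate-logs.sh"

/* The only environment the child sees. Nothing from the caller is passed
   through, so PATH, IFS, ENV/BASH_ENV and LD_* cannot steer the script. */
static char *const SAFE_ENV[] = {
    "PATH=/usr/bin:/bin",
    "IFS= \t\n",
    NULL
};

/* Returns 1 if this "NAME=value" entry is one a shell or the dynamic loader
   consults, i.e. one that must never be inherited into a privileged child.
   The list is illustrative, not exhaustive. */
int env_entry_is_risky(const char *entry)
{
    static const char *const names[] = {
        "PATH", "IFS", "ENV", "BASH_ENV", "SHELLOPTS", "CDPATH", NULL
    };
    size_t name_len = strcspn(entry, "=");
    if (strncmp(entry, "LD_", 3) == 0)
        return 1;
    for (size_t i = 0; names[i] != NULL; i++) {
        if (strlen(names[i]) == name_len &&
            strncmp(entry, names[i], name_len) == 0)
            return 1;
    }
    return 0;
}

/* Count how many entries of an environment block would be risky to inherit. */
int count_risky_entries(char *const envp[])
{
    int n = 0;
    for (size_t i = 0; envp[i] != NULL; i++)
        n += env_entry_is_risky(envp[i]);
    return n;
}

/* A setuid program may be started with fd 0, 1 or 2 already closed; the first
   file the child opens would then land on that descriptor and be written to
   or read from as "stdout"/"stdin". Point any closed one at /dev/null.
   Returns how many were repaired, or -1 on error. */
int ensure_std_fds(void)
{
    int repaired = 0;
    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                       /* already open */
        if (errno != EBADF)
            return -1;
        int nul = open("/dev/null", fd == 0 ? O_RDONLY : O_WRONLY);
        if (nul == -1)
            return -1;
        if (nul != fd) {                    /* open() handed back a higher fd */
            if (dup2(nul, fd) == -1)
                return -1;
            close(nul);
        }
        repaired++;
    }
    return repaired;
}

/* Close every inherited descriptor above 2 so the script cannot reach a file
   the caller left open (the "dangerous file descriptor" case). */
void close_extra_fds(void)
{
    long max_fd = sysconf(_SC_OPEN_MAX);
    if (max_fd < 0)
        max_fd = 1024;                      /* conservative fallback */
    for (long fd = 3; fd < max_fd; fd++)
        close((int)fd);
}

/* Wrapper entry point: ignore the caller's arguments and environment entirely
   and exec the fixed script with the fixed environment. execve() returns only
   on failure. */
int main(int argc, char **argv)
{
    (void)argc;
    (void)argv;
    /* Diagnostic only; the inherited environment is discarded regardless. */
    int risky = count_risky_entries(environ);
    if (risky > 0)
        fprintf(stderr, "note: discarding %d risky inherited variable(s)\n", risky);
    if (ensure_std_fds() < 0)
        return 1;
    close_extra_fds();
    char *const child_argv[] = { (char *)TARGET_SCRIPT, NULL };
    execve(TARGET_SCRIPT, child_argv, SAFE_ENV);
    perror("execve");
    return 1;
}
```

Build it, chown it to the owner whose privilege the script needs, and set mode 4750 with a dedicated group so only intended callers can execute it; the script itself stays non-setuid and should still avoid interactive programs with shell escapes, since the wrapper cannot protect against what the script does once it is running.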