gabriel rosenkoetter on Fri, 2 Nov 2001 15:30:20 +0100



Re: [PLUG] [linux] Shell script madness (fwd)


On Fri, Nov 02, 2001 at 07:31:21AM -0400, Arthur S. Alexion wrote:
> Could someone on this list please help?  Jim has helped me considerably 
> on the other list.

Sure.

From: Jim Garrison <jimg@legalcs.com>
> Shouldn't execute privileges be enough to run the script? Why does it
> require read privileges? What do I do to secure it so that it is
> executable by the "users" group while only being readable by root?

Nope. Your shell needs to be able to read the shell script char-wise
in order to find out what shell it should execute the script with.
(That's what #!... does.)

Simply put, it's not possible to do what you're trying to do with a
shell script. You either need sudo with *extremely* limited
privileges (just run that one program) or to write a known-safe
suid wrapper (written in C or another compiled language) for this
binary.

No matter what, you're still running a huge risk here. If you don't
trust these users, then they ought not be able to trigger
something's execution with root privileges, especially not if it's a
program you haven't audited, because it may be possible to provoke
it into giving them full root access.

(It is generally accepted that sudo access to any non-trivial
program--non-trivial starts with ls, even if that program is not
designed to write to files--cat, or fork--any daemon or control
mechanism for a daemon, is no kind of restriction of the set of
sudoers with access to that program from a real root shell. sudo
should be treated as a convenience, not a security measure. It's an
*in*security measure.)

-- 
       ~ g r @ eclipsed.net

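A known-safe setuid wrapper of the kind gabriel describes above, as an added example that is not from the original thread or its author. The target path, the policy of accepting no arguments, and the install step (owner root, group users, mode 4750, so the "users" group can execute it while root keeps the privilege) are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical absolute path of the program to be run as root.
   Install the wrapper as: chown root:users wrapper; chmod 4750 wrapper */
#define TARGET "/usr/local/sbin/target_prog"

/* The only environment the target ever sees. Nothing from the caller's
   environment (PATH, LD_PRELOAD, IFS, ...) is passed through. */
static char *const SAFE_ENV[] = { "PATH=/usr/bin:/bin", NULL };

/* Policy: the wrapper takes no arguments, so a caller cannot steer the
   target with options or file names. Returns 1 if argc is acceptable. */
int args_allowed(int argc)
{
    return argc == 1;
}

/* Environment handed to execve(); kept in a function so it can be checked. */
char *const *sanitized_env(void)
{
    return SAFE_ENV;
}

int main(int argc, char **argv)
{
    if (!args_allowed(argc)) {
        fprintf(stderr, "usage: %s (arguments are not accepted)\n", argv[0]);
        return 2;
    }
    /* Close any descriptors the caller may have left open beyond 0-2. */
    for (int fd = 3; fd < 256; fd++)
        close(fd);
    umask(022);
    /* Make the real uid match the effective (root) uid so the target runs
       as an ordinary root process and cannot be tricked into dropping back
       to the caller's identity. Fail closed if that is impossible. */
    if (setuid(geteuid()) != 0) {
        perror("setuid");
        return 1;
    }
    char *const target_argv[] = { TARGET, NULL };
    execve(TARGET, target_argv, sanitized_env());
    perror("execve"); /* reached only if the exec itself failed */
    return 1;
}
```

The wrapper stays readable only by root and group users, which is exactly what a #! script cannot offer, since the interpreter has to read the script text itself.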