[prev in list] [next in list] [prev in thread] [next in thread]
List: openbsd-bugs
Subject: kernel/946: setuid scripts not quite secure
From: "Chris K. Young" <cky () pobox ! com>
Date: 1999-10-18 7:16:06
[Download RAW message or body]
>Number: 946
>Category: kernel
>Synopsis: setuid scripts can *still* have race conditions
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: bugs
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Oct 18 01:20:02 MDT 1999
>Last-Modified:
>Originator: Chris K. Young
>Organization:
>Release: OpenBSD 2.5
>Environment:
System : OpenBSD 2.5
Architecture: OpenBSD.i386
Machine : i386
>Description:
The FDSCRIPTS define, necessary for secure setuid scripts,
isn't necessarily defined if SETUIDSCRIPTS is, because the
check for ``defined(SETUIDSCRIPTS) && !defined(FDSCRIPTS)''
comes before ``#include <sys/exec_script.h>'', which enables
SETUIDSCRIPTS.
My speculation is that originally the SETUIDSCRIPTS define
was specified in Makefile. The dangers of moving defines to
include files... :-)
>How-To-Repeat:
Umm, make a setuid script file. Have a script kiddie
replace your script just before the shell opens it. :-)
>Fix:
--- sys/kern/exec_script.c Mon Jan 11 18:12:22 1999
+++ sys/kern/exec_script.c Mon Oct 18 20:03:58 1999
@@ -31,10 +31,6 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#if defined(SETUIDSCRIPTS) && !defined(FDSCRIPTS)
-#define FDSCRIPTS /* Need this for safe set-id scripts. */
-#endif
-
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
@@ -48,6 +44,10 @@
#include <vm/vm.h>
#include <sys/exec_script.h>
+
+#if defined(SETUIDSCRIPTS) && !defined(FDSCRIPTS)
+#define FDSCRIPTS /* Need this for safe set-id scripts. */
+#endif
/*
* exec_script_makecmds(): Check if it's an executable shell script.
>Audit-Trail:
>Unformatted:
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic