Re: Executable shell scripts
From: Bernd Petrovitsch
Date: Sat May 13 2006 - 08:01:45 EST
On Sat, 2006-05-13 at 13:45 +0200, Mark Rosenstand wrote:
> Bernd Petrovitsch <bernd@xxxxxxxxx> wrote:
> > On Sat, 2006-05-13 at 13:03 +0200, Mark Rosenstand wrote:
> > [...]
> > > A more useful case is when you setuid the script (and no, this doesn't
> > > need to be running as root and/or executable by all.)
> >
> > Apart from the permission bug: This has been purposely disabled since it
> > is way to easy to write exploitable shell or other scripts.
> > Use a real programming languages, sudo or a trivial wrapper in C ....
s/languages/language/
And I forgot to mention that a kernel patch is another possibility.
> It isn't a bug on systems that support executable shell scripts.
I never wrote that (or anything which implies that directly).
> Doing security policy based on programming language seems weird at
> best, especially when the only user able to make those decisions is the
> superuser.
It boils down to "how easy is it for root to shoot in the foot"?
And the workarounds are somewhere between trivial and simple.
> Obviously the security-unaware people over at the OpenBSD camp must be
> completely clueless when they don't disallow the superuser to do this.
Of course this doesn't change the level of security but it plays with
the risk ....
> I'm looking forward to the day where I'm no longer allowed to make
> changes to /etc/ld.so.conf because it's a system file.
>
> Anyway, is it possible to enable this functionality?
Yes.
Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/