RE: allowing ordinary users to open privileged ports
From: Myers, Mike (Mike.Myers_at_nwdc.net)
Date: 09/14/04
- Previous message: Phil Eschallier: "RE: allowing ordinary users to open privileged ports"
- Maybe in reply to: randy calma repasa: "allowing ordinary users to open privileged ports"
- Next in thread: Crist J. Clark: "Re: allowing ordinary users to open privileged ports"
Date: Tue, 14 Sep 2004 10:41:52 -0700
To: "Brian Parent" <bparent@calvin.ucsd.edu>, focus-sun@securityfocus.com
You know, I've often heard this statement (about SUID shell scripts being dangerous) without a good explanation -- too often the author citing "security concerns" for not explaining it (not that Brian did!).
For those who feel the same way, I found a reasonable explanation here:
http://www.faqs.org/faqs/unix-faq/faq/part4/section-7.html
It does a good job of covering PATH issues, timing issues and others. Always good to understand exactly what type of attack one is defending against.
Cheers,
- Mike Myers, Mike.Myers <at> nwdc.net
-----Original Message-----
From: Brian Parent [mailto:bparent@calvin.ucsd.edu]
Sent: Monday, September 13, 2004 10:29 AM
To: focus-sun@securityfocus.com
Subject: Re: allowing ordinary users to open privileged ports
I'm glad to hear that your method #2 presented other problems
which prevented you from using it.
Creating a setuid shell script creates a major security hole.
Local users with access to such a script can execute arbitrary
programs as the owner of the script (root in this case).
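
An audit check that follows from the warning in this thread, added here as an example and not part of the original messages: it lists set-uid or set-gid regular files whose first two bytes are `#!`, i.e. interpreter scripts. The function name `find_suid_scripts` and the default search root are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): report set-uid / set-gid files that are
# interpreter scripts, so they can be replaced by a compiled wrapper or a
# privilege-delegation tool.

# find_suid_scripts [DIR]
#   Prints one path per line for every regular file under DIR (default: /)
#   that has the set-uid or set-gid bit and starts with the bytes "#!".
#   -xdev keeps the walk on the starting filesystem; run it once per mount.
find_suid_scripts() {
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec sh -c '
        for f do
            # Read only the first two bytes as hex; "2321" is "#!".
            magic=$(od -An -tx1 -N2 "$f" 2>/dev/null | tr -d " \n")
            if [ "$magic" = 2321 ]; then
                printf "%s\n" "$f"
            fi
        done' sh {} + 2>/dev/null
}

# Typical use, as root so unreadable directories are not skipped:
#   find_suid_scripts /usr/local
```
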