SUMMARY: Problem with setuid scripts under Solaris 2.2

From: Michael A Leo (mal@adc.com)
Date: Wed Dec 08 1993 - 05:46:50 CST


Greetings,

  I recently asked the list how to setuid a script to run as root. The
original question text is at the end of this summary.

  The general consensus is that this doesn't work under Solaris 2.x. One
poster claimed it works. I recently found it works for users OTHER than
root.

  Most felt that writing a wrapper in C to call the script would solve the
problem. One of my coworkers suggested I write the whole thing in C, and
setuid the program.

  One person suggested I use perl or sudo.

  Thanks to the following for their comments:

        adam%bwnmr4@harvard.harvard.edu (Adam Shostack)
        "Koert Gielen" <KOERT@ice.nl>
        gdmr@dcs.ed.ac.uk (George D M Ross)
        kmah@DCS-Systems.COM (Kevin Mah)
        green@Kodak.COM (Russell Green)
        pjw@ccci.com (Pete Welcher)

  Here are the replies:

--------------------------------- Reply Text ---------------------------------
>From adam%bwnmr4@harvard.harvard.edu Mon Dec 6 23:30:24 1993
From: adam%bwnmr4@harvard.harvard.edu (Adam Shostack)
Subject: Re: Problem with setid scripts under Solaris 2.2
To: mal@adc.com
Content-Length: 1657

You wrote:

| Furthermore, I need this to work yesterday!
|
| Here is the shell script, its protections, and how it
| executes from root. I tried to make a minimal case and
| even put it in the root directory, just to minimize
| the issues. I made sure both accounts were "telneted" to,
| not accessed via the "broken" su command.
|

| -rws--x--x 1 root other 55 Dec 6 16:12 /cool

| Not only is the $0 now very "strange", but the effective user is not
| changed! Other tests have shown that indeed the effective user has not
| changed as the "root"-type stuff can't be done when the script is called
| by "regular" users.
|

        I'm fairly sure that setuid scripts have been disabled under
Solaris, as they present a very serious security problem. If you can
leave setuid scripts around on your host, you can as securely hand out
the root password to anyone with an account.

        To get setuid behavior, use perl or sudo. Perl is a
programming language by Larry Wall, sudo is a C program that allows
you to specify triplets that allow a given user on a machine to run
certain commands with root privileges. You can ftp it from
csn.org:/pub/sudo.

        For more on security issues related to setuid scripts, ask in
the Usenet group comp.security.unix, or get a copy of either Curry's
UNIX systems security, or Garfinkel and Spafford's Practical Unix
Security.

adam

-- 
Adam Shostack                                    adam@bwh.harvard.edu
Systems Manager, Surgical Planning Lab               617 278 0639
Department of Radiology                              Fax 732 7963
Brigham and Womens Hospital, Boston

>From KOERT@ice.nl Tue Dec 7 01:48:39 1993
To: mal@adc.com
From: "Koert Gielen" <KOERT@ice.nl>
Subject: Re: Problem with setid scripts under Solaris 2.2
X-Pmrqc: 1
Content-Length: 179

Hi,

Make a little "C"-program, make the executable setuid and check the manual pages of "setuid" and "setgid" (use them in your program).

Regards,

Koert Gielen
ICE Engineering

>From gdmr@dcs.ed.ac.uk Tue Dec 7 04:42:06 1993
From: gdmr@dcs.ed.ac.uk
To: Michael A Leo <mal@adc.com>
Subject: Re: Problem with setid scripts under Solaris 2.2
Content-Length: 345

Setuid scripts on BSD-based systems such as SunOS 4.1.x are a HUGE security
hole. You might as well publish your root password.

-- 
George D M Ross, Department of Computer Science, University of Edinburgh
Kings Buildings, Mayfield Road, Edinburgh, Scotland, EH9 3JZ
Mail: gdmr@dcs.ed.ac.uk   Voice: 031-650 5147   Fax: 031-667 7209

>From kmah@DCS-Systems.COM Tue Dec 7 11:52:11 1993
From: kmah@DCS-Systems.COM (Kevin Mah)
To: mal@adc.com
Subject: Re: Problem with setid scripts under Solaris 2.2
Content-Length: 353

Setuid scripts no worky no more.

setuid works on binary executables. too bad sun has unbundled the C compiler, though. Nice going guys!

Anyhow, if you get your hands on a compiler, create a program with the call:

system ("command")

where command is the command you want to be setuid'd

e.g.

system ("/usr/etc/mount /pcfs")

Ciao for now,
Kevin

>From green@Kodak.COM Tue Dec 7 15:53:53 1993
From: green@Kodak.COM (Russell Green)
To: mal@adc.com
Subject: Re: Problem with setid scripts under Solaris 2.2
Content-Length: 92

Works for me... Make sure your filesystem is NOT mounted with the -nosuid option...

Russ

>From pjw@ccci.com Tue Dec 7 19:29:21 1993
From: pjw@ccci.com (Pete Welcher)
To: mal@adc.com
Cc: sun-managers@eecs.nwu.edu, gmp@ohtar.adc.com, rick@ohtar.adc.com,
        mjt@ohtar.adc.com, mal@ohtar.adc.com
Subject: Problem with setid scripts under Solaris 2.2
Content-Length: 500

The "who am i" return value has changed in Sol 2.x, I think. It now shows original uid not effective uid. This is true even when you do su.

----------------------------------------------------------------------
Dr. Peter J. Welcher                     EMAIL: pjw@ccci.com
Chesapeake Computer Consultants, Inc.    PHONE: (410) 266-5686
2816 Southaven Drive                        or: (410) 573-1751
Annapolis, MD 21401                        FAX: (410) 573-1751
----------------------------------------------------------------------

------------------------------- End Reply Text -------------------------------

---------------------------Original Question Text ----------------------------

Hi,

I am desperate. All this worked under SunOS 4.x. However, under Solaris 2.2 (SPARC) on a SPARCstation 2 running NIS, everything falls to pieces.

I have read the FAQ, checked the archives at aurora.latech.edu, plundered through the AnswerBook, and even sobbed a bit on my keyboard.

Furthermore, I need this to work yesterday!

Here is the shell script, its protections, and how it executes from root. I tried to make a minimal case and even put it in the root directory, just to minimize the issues. I made sure both accounts were "telneted" to, not accessed via the "broken" su command.

# id
uid=0(root) gid=1(other)
# ls -l /cool
-rws--x--x 1 root other 55 Dec 6 16:12 /cool
# cat /cool
#!/bin/sh
id
echo $0 $1 $2 $3
echo $USER
who am i
exit
# /cool test
uid=0(root) gid=1(other)
/cool test

root pts/4 Dec 6 16:11 (localhost)
#

Now, here is how it executes from some other user:

(1)ascuser@valandil% id
uid=4001(ascuser) gid=4001(ascuser)
(2)ascuser@valandil% /cool test
uid=4001(ascuser) gid=4001(ascuser)
/dev/fd/3 test
ascuser
ascuser pts/9 Dec 6 16:14 (localhost)
(3)ascuser@valandil%

Not only is the $0 now very "strange", but the effective user is not changed! Other tests have shown that indeed the effective user has not changed as the "root"-type stuff can't be done when the script is called by "regular" users.

Any help would be appreciated.

Mike Leo
ADC Telecommunications
mike_leo@adc.com

----------------------- End of Original Question Text ------------------------



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:08:31 CDT