Marc Herbert wrote:
> Bob Proulx wrote:
> > The shell isn't the only one that introduces a security vulnerability
> > on most systems when setuid. All interpreters are the same in that
> > regard. On systems where you shouldn't suid scripts then you
> > shouldn't suid any of the set of sh/perl/python/ruby scripts either.
> > I think most people would consider at least one of those in that set a
> > real programming language. :-)
>
> None of these other languages has the same quoting complexity. You can
> find some FAQs saying: "Never setuid a shell script, use something
> less dangerous instead like Perl for instance".

I didn't say anything about quoting. The topic here was security vulnerabilities of an suid script. For example the classic race condition between stat'ing the #! interpreter and launching the privileged process on the file. If the system has that behavior then any #! interpreter (including non-interpreters such as 'ls') is vulnerable to an attack of slipping a different interpreter in at the last moment. That has nothing to do with quoting and is not specific to any particular interpreter. All that is required is that it not be directly machine executable binary code such that exec(2) can't invoke it directly but must instead invoke the specified program upon it.

If an FAQ reports that using Perl is okay to be setuid in that environment then I think it is wrong. Or at least not completely general and portable because it is certainly dangerous on Unix systems.

But it has been so many years since I have looked at that problem that I don't remember the details. I do remember using the exploit on HP-UX systems years ago but I don't remember the specific behavior here of all of the different kernels in popular use. Please don't make me expend precious brain cells remembering it.

Bob