Comments on: suid shell scripts – setting “the SUID bit”

By: unixshell

unixshell — Mon, 10 Oct 2011 00:53:04 +0000

SUID is dangerous because any user can run it with “root” privileges. Any program granted SUID privileges must be thoroughly inspected and totally trusted.

Shell scripts – being readable as well as executable, and particularly being in plain-text also – are especially vulnerable to attack, as an attacker can see how their input will be treated before even attempting to exploit the script. Anything they get the script to run, will be run with superuser privileges.

By: Ekevoo

Ekevoo — Mon, 10 Oct 2011 00:38:23 +0000

So, how is a SUID script dangerous? You forgot to tell!

By: Steve Parker

Steve Parker — Tue, 04 Jan 2011 16:33:40 +0000

At the risk of feeding a troll, the previous comment was not advocating security-through-obscurity as an end in itself, which was clear from the original blog post, and the faqs.org article which it linked. As you presumably know, the reason for ping being suid is because parts of its functionality require root privileges on most implementations of *nix. The examples on the faqs.org page assume that the attacker knows the next characters after #! in order to exploit them – if /bin/sh then use -i, for example.

But enough troll-feeding for now.

By: Name Required

Name Required — Tue, 04 Jan 2011 15:41:31 +0000

If security-through-obscurity is that valuable, why isn't your system's /bin/ping set unreadable? (It's clearly world readable in your listings in the article.) You're doing a disservice to readers by confusing this issue: it is not the readability of shell scripts that makes them unsuitable for SUID. Re-read the article linked in the first sentence.

By: 2010 in review « *nix Shell

2010 in review « *nix Shell — Sun, 02 Jan 2011 12:12:56 +0000

[...] suid shell scripts – setting “the SUID bit” April 20075 comments 4 [...]

By: unixshell

unixshell — Mon, 19 Apr 2010 11:30:18 +0000

SUID anything can be dangerous – scripts can be a problem in that they must be readable by the user who executes them, so any small bug in the script can be exploited – eg, if the script just does “echo hello”, then a non-priviliged user could alias “echo” to “rm -rf /” and run the script.

A SUID C program is safer in that the binary can be set with execute permissions but not read permissions, so you can run it but not disassemble it. Of course, the C program may run the system() system call and be exploitable in many other ways too. It would be less easy for a regular user to find out what to exploit, though. Any use of SUID should be avoided where possible.

Finally – a C-illiterate, Unix-illiterate programmer would write very poor C code for Unix. A new driver would be very likely to crash a Ferrari, but that does not make Ferraris inherently unsafe.

By: Corrector

Corrector — Mon, 19 Apr 2010 06:58:14 +0000

So, how is a SUID script dangerous? You forgot to tell!

Also, how is C programming “safe”, especially for C beginners, especially those knowing mostly shell (most likely to just call ‘system’ or ‘popen’), especially for the Unix-illiterates?

By: agrion

agrion — Wed, 08 Apr 2009 19:53:43 +0000

Good article

By: unixshell

unixshell — Wed, 22 Aug 2007 19:37:11 +0000

Thanks, good point. Not sure why I got that mixed up. Yes, the “Sticky” bit is indeed the “+t” flag. Article updated.

By: Andre Miller

Andre Miller — Sat, 18 Aug 2007 21:38:27 +0000

You seem to be confusing the SUID bit with the Sticky bit in this article. They mean two different things. Sticky bit is the ‘t’ flag, (chmod +t), which means something different to what you are explaining here.

Take a look here for the full explanation of the sticky bit: http://en.wikipedia.org/wiki/Sticky_bit