Why do my setuid root bash shell scripts not work?

by

There is a pretty comprehansive answer at https://unix.stackexchange.com/questions/364/allow-setuid-on-shell-scripts

Bottom line is that there are two main points against it:

  1. A race condition between when the Kernel opens the file to find which interpreter it should execute and when the interpreter opens the file to read the script.
  2. Shell scripts which execute many external programs without proper checks can be fooled into executing the wrong program (e.g. using malicious PATH), or expand variables in a broken way (e.g. having white space in variable values), and generally it has less control on how well the external programs it executes handle the input.

Historically, there was a famous bug in the original Bourne shell (at least on 4.2BSD, which is where I saw this in action) which allowed anyone to get interactive root shell by creating a symlink called -i to a suid shell script. That’s possibly the original trigger for this being prohibited.

EDIT: To answer “How do I fix it” – configure sudo to allow users to execute only these scripts as user root, and perhaps use a trick like in https://stackoverflow.com/a/4598126/164137 to find the original user’s name and force operation on their own home directory, instead of letting them pass in any arbitrary input (i.e. in their current state, nothing in the scripts you include in your question prevents user1 from executing the scripts and passing them users2‘s directory, or any directory for that matter)

More Related Contents:

  1. sudo echo “something” >> /etc/privilegedFile doesn’t work [duplicate]
  2. How do I use su to execute the rest of the bash script as that user?
  3. Correct owner/group/permissions for Apache 2 site files/folders under Mac OS X?
  4. chmod WSL (Bash) doesn’t work
  5. How can I check if a program exists from a Bash script?
  6. How to change permissions for a folder and its subfolders/files in one step
  7. How can I compare numbers in Bash?
  8. echo “#!” fails — “event not found”
  9. Pipe output and capture exit status in Bash
  10. Shell redirection i/o order
  11. Loop through all the files with a specific extension
  12. Colorized grep — viewing the entire file with highlighted matches
  13. How to pass in password to pg_dump?
  14. How can I profile a Bash shell script slow startup?
  15. Select random lines from a file
  16. Unset readonly variable in bash
  17. Should I use a Shebang with Bash scripts?
  18. How to use arguments from previous command?
  19. How to remove last n characters from a string in Bash?
  20. access host’s ssh tunnel from docker container
  21. Getting “sed error – illegal byte sequence” (in bash) [duplicate]
  22. Reference to a bash variable whose name contains dot
  23. how to source a csh script in bash to set the environment [closed]
  24. How to include nohup inside a bash script?
  25. Permission denied to Docker daemon socket at unix:///var/run/docker.sock
  26. Sum duplicate row values with awk
  27. Preserving leading white space while reading>>writing a file line by line in bash
  28. Loop over array, preventing wildcard expansion (*)
  29. How to delete rows from a csv file based on a list values from another file?
  30. ‘which’ vs ‘command -v’ in Bash [duplicate]

Leave a Comment