Subject: Re: SetUID scripts
To: Peter Galbavy <peter@wonderland.org>
From: Charles M. Hannum <mycroft@mit.edu>
List: netbsd-help
Date: 07/03/1996 13:10:37
Peter Galbavy <peter@wonderland.org> writes:
>
> On this topic, now that the problem is well known, could somebody explain
> to me in very small words what the well known security problem with set UID
> scripts is ? I never grasped it. Mea culpa.
Imagine that an untrusted user creates a symlink to a script that is
set-ID to a trusted user or group. Now, remember that the kernel just
passes down the file name to the shell. Between the time that the
kernel checks the permissions and does the set-ID and the time that
the shell opens the file, the symlink may have been replaced with any
arbitrary contents. It should be obvious why having the kernel open
the file and pass down a file descriptor solves this.