Hence, I've written a patch to do just that. It's one line of added code,
and a bunch of configuration file updates. The patch is against
2.2.16-pre4, but has worked with 2.2.15 and 2.2.16-pre8, though the line
numbers are different. I suspect it will work with most later 2.2 kernels.
--PC
preston.f.crow@alum.dartmouth.org
----------------------------------------------------------------------------
*** linux/fs/binfmt_script.c.orig Thu Aug 20 17:32:48 1998
--- linux/fs/binfmt_script.c Tue May 23 14:40:24 2000
***************
*** 76,81 ****
--- 76,87 ----
bprm->argc++;
if (!bprm->p)
return -E2BIG;
+ #ifdef CONFIG_BINFMT_SUIDSCRIPT
+ /*
+ * Enable suid scripts.
+ */
+ compute_creds(bprm);
+ #endif
/*
* OK, now restart the process with the interpreter's dentry.
*/
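Review bot: The added `compute_creds(bprm)` switches the caller to the script's set-uid/set-gid identity before the interpreter has even been located, and the interpreter is then handed the script by pathname and reopens it itself, so the file that ends up being interpreted under those credentials is not necessarily the one whose mode bits were checked; the config guard makes that exposure selectable but does nothing to narrow it. The comment `/* Enable suid scripts. */` should state what the call actually does and why it is hazardous, e.g. `/* Honour the script's set-uid/set-gid bits (already recorded in bprm): switch to those credentials now so the interpreter loaded below inherits them. The interpreter reopens the script by name, so this is only as safe as that path. */`. If I read the 2.2 flow correctly, credentials are computed once more for the interpreter binary further down, which is what makes the early switch stick, and that dependency is worth a line in the comment as well. The rest of the enclosing function, including the calls that load the interpreter, lies outside this hunk.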
*** linux/arch/i386/config.in.orig Wed May 3 20:16:30 2000
--- linux/arch/i386/config.in Tue May 23 15:17:30 2000
***************
*** 94,99 ****
--- 94,102 ----
if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
tristate 'Kernel support for JAVA binaries (obsolete)' CONFIG_BINFMT_JAVA
fi
+ if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
+ bool 'Kernel support for set-uid scripts' CONFIG_BINFMT_SUIDSCRIPT
+ fi
tristate 'Parallel port support' CONFIG_PARPORT
if [ "$CONFIG_PARPORT" != "n" ]; then
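Review bot: The new `if [ "$CONFIG_EXPERIMENTAL" = "y" ]` block repeats the test of the block that closes on the line just above it; the `bool 'Kernel support for set-uid scripts' CONFIG_BINFMT_SUIDSCRIPT` line could be placed inside that existing block, before its `fi`, which is one added line instead of three. The same applies to the alpha, sparc, mips and sparc64 hunks below; only the ppc hunk, where the JAVA entry is not under an experimental guard, needs a block of its own. Given the help text's own assessment of this option, the prompt could also carry the `(EXPERIMENTAL)` suffix that other options under this guard appear to use, so the risk is visible in the menu and not only in the help entry.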
*** linux/arch/alpha/config.in.orig Wed May 3 20:16:30 2000
--- linux/arch/alpha/config.in Tue May 23 15:18:41 2000
***************
*** 200,205 ****
--- 200,208 ----
if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
tristate 'Kernel support for JAVA binaries (obsolete)' CONFIG_BINFMT_JAVA
fi
+ if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
+ bool 'Kernel support for set-uid scripts' CONFIG_BINFMT_SUIDSCRIPT
+ fi
tristate 'Kernel support for Linux/Intel ELF binaries' CONFIG_BINFMT_EM86
tristate 'Parallel port support' CONFIG_PARPORT
if [ "$CONFIG_PARPORT" != "n" ]; then
*** linux/arch/sparc/config.in.orig Mon May 22 16:36:12 2000
--- linux/arch/sparc/config.in Tue May 23 15:18:56 2000
***************
*** 75,80 ****
--- 75,83 ----
if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
tristate 'Kernel support for JAVA binaries (obsolete)' CONFIG_BINFMT_JAVA
fi
+ if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
+ bool 'Kernel support for set-uid scripts' CONFIG_BINFMT_SUIDSCRIPT
+ fi
bool 'SunOS binary emulation' CONFIG_SUNOS_EMUL
endmenu
*** linux/arch/mips/config.in.orig Mon Aug 9 15:04:38 1999
--- linux/arch/mips/config.in Tue May 23 15:18:48 2000
***************
*** 89,94 ****
--- 89,97 ----
if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
tristate 'Kernel support for JAVA binaries (obsolete)' CONFIG_BINFMT_JAVA
fi
+ if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
+ bool 'Kernel support for set-uid scripts' CONFIG_BINFMT_SUIDSCRIPT
+ fi
bool 'Networking support' CONFIG_NET
bool 'System V IPC' CONFIG_SYSVIPC
*** linux/arch/ppc/config.in.orig Tue Jan 4 13:12:12 2000
--- linux/arch/ppc/config.in Tue May 23 15:18:52 2000
***************
*** 66,71 ****
--- 66,74 ----
define_bool CONFIG_KERNEL_ELF y
tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC
tristate 'Kernel support for JAVA binaries (obsolete)' CONFIG_BINFMT_JAVA
+ if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
+ bool 'Kernel support for set-uid scripts' CONFIG_BINFMT_SUIDSCRIPT
+ fi
tristate 'Parallel port support' CONFIG_PARPORT
if [ "$CONFIG_PARPORT" != "n" ]; then
*** linux/arch/sparc64/config.in.orig Mon May 22 16:36:12 2000
--- linux/arch/sparc64/config.in Tue May 23 15:19:03 2000
***************
*** 66,71 ****
--- 66,74 ----
tristate 'Kernel support for MISC binaries' CONFIG_BINFMT_MISC
tristate 'Kernel support for JAVA binaries (obsolete)' CONFIG_BINFMT_JAVA
fi
+ if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
+ bool 'Kernel support for set-uid scripts' CONFIG_BINFMT_SUIDSCRIPT
+ fi
bool 'SunOS binary emulation' CONFIG_SUNOS_EMUL
if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
tristate 'Solaris binary emulation' CONFIG_SOLARIS_EMUL
*** linux/Documentation/Configure.help.orig Mon May 22 16:36:11 2000
--- linux/Documentation/Configure.help Tue May 23 15:02:39 2000
***************
*** 1625,1630 ****
--- 1625,1643 ----
you have use for it; the module is called binfmt_misc.o. If you
don't know what to answer at this point, say Y.
+ Kernel support for set-uid scripts
+ CONFIG_BINFMT_SUIDSCRIPT
+ If you say Y here, the set-uid and set-gid bits on executable
+ scripts will be honored.
+
+ This is a very bad idea from a security standpoint. Set-uid scripts
+ open up security holes that are essentially equivalent to giving out
+ the root password to everyone who is allowed to execute code on the
+ system. In most cases, you should consider instead using a wrapper
+ program, such as "sudo" to achieve the same goals.
+
+ Say N here unless you really, really know what you are doing.
+
Solaris binary emulation
CONFIG_SOLARIS_EMUL
This is experimental code which will enable you to run (many)