Gentoo Forums
How to make a root script properly chmod+s ?
Dragonlord
Guru
Guru


Joined: 22 Aug 2004
Posts: 446
Location: Switzerland

Posted: Mon Jun 02, 2008 3:54 pm    Post subject: How to make a root script properly chmod+s ?

This is a problem that has been bugging me for quite some time. For example, I have a laptop on which I want to allow users to start the WiFi connection. This is done using a script doing various things, from mugging with ifconfig, iwconfig, ipsec and eventually mounting common shares. All these operations require SU to work. I tried chown root:root on the script, chmod 755 and chmod +s, but still the script behaves as if run by the user. I just want a script to run as SU, that's all (and I do not want to use sudo due to security concerns).
_________________
DragonDreams: Leader and Head Programmer
frostschutz
Advocate
Advocate


Joined: 22 Feb 2005
Posts: 2977
Location: Germany

Posted: Mon Jun 02, 2008 4:05 pm

You have security concerns about sudo but want to hand out suid bits for shell scripts...? 8O
Dragonlord
Guru
Guru


Joined: 22 Aug 2004
Posts: 446
Location: Switzerland

Posted: Mon Jun 02, 2008 6:49 pm

The reason is simply that with sudo I have to grant users access to various system tools. With the suid script I only need to give access to the script (something nobody except root can change anyway). So I consider this safer, since it has only one point of failure, whereas with sudo I have multiple points of failure. Don't know how this is with you, but I consider the suid script less dangerous in that case.
_________________
DragonDreams: Leader and Head Programmer
yabbadabbadont
Advocate
Advocate


Joined: 14 Mar 2003
Posts: 4791
Location: 2 exits past crazy

Posted: Mon Jun 02, 2008 9:52 pm

suid only applies to binaries. It will not work with scripts. (at least it never has on any version of Unix/Linux I have used in the last 15 years... ;))
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 9691
Location: almost Mile High in the USA

Posted: Mon Jun 02, 2008 10:32 pm

A long time ago SUID scripts worked. But this is a hole because it's fairly trivial to get a script to do something improper (environment variables, bad argument checking). Thus all Un*x and Linux have suid scripts disabled.

If you _must_ use a SUID script, you'll need to write a C wrapper program that calls the script, sanitizing all arguments and environment before calling the script. Something like this would work but may be unsafe:
Code:
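#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

#define REAL_PATH "/full/absolute/path/to/your/script"

/* Minimal wrapper: runs REAL_PATH with the caller's arguments.
   Arguments and environment are passed through unchanged. */
int main(int ac, char **av) {
        struct stat data;
        (void)ac;
        /* Make sure the script exists before trying to run it */
        if (stat(REAL_PATH, &data)) {
                perror("stat");
                return 1;
        }
        execv(REAL_PATH, av);
        perror("execv");        /* only reached if execv() failed */
        return 1;
}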

_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
frostschutz
Advocate
Advocate


Joined: 22 Feb 2005
Posts: 2977
Location: Germany

Posted: Mon Jun 02, 2008 10:33 pm

You can use sudo and allow only your script to be executed with it. You still have to be very careful about how you write the script. Since usually in a script you execute anything that is in your path, it is possible for users to gain root access by tricking the script into executing something it's not actually meant to.
tgR10
Apprentice
Apprentice


Joined: 23 Oct 2007
Posts: 262
Location: caly ten ambaras

Posted: Tue Jun 03, 2008 1:53 am

You can set up sudo for 1 command, for example, and for 1 user only:
user_name localhost=/sbin/shutdown -h now
_________________
"because who is right? the one who sees it up close"
"I may not know, I absorb ignorance from little bags"
Dragonlord
Guru
Guru


Joined: 22 Aug 2004
Posts: 446
Location: Switzerland

Posted: Tue Jun 03, 2008 2:20 am

The question is if sudo is prone to chroot attacks. In my script all paths are absolute paths, so nothing can go wrong... that is, unless somebody puts up a well chroot. But this leaves open the question if sudo is prone to a similar attack. If not, it might be the better idea to do the sudo trick, although much more complicated (as mentioned, I need various sys-tools like ifconfig and /etc/init.d/* scripts). That write-wrapper-app trick sounds interesting too, though. I could even write the entire script in C instead and just call the tools from there.
_________________
DragonDreams: Leader and Head Programmer