path: root/mcon/U/d_dosuid.U
?RCS: $Id$
?RCS:
?RCS: Copyright (c) 1991-1997, 2004-2006, Raphael Manfredi
?RCS: 
?RCS: You may redistribute only under the terms of the Artistic License,
?RCS: as specified in the README file that comes with the distribution.
?RCS: You may reuse parts of this distribution only within the terms of
?RCS: that same Artistic License; a copy of which may be found at the root
?RCS: of the source tree for dist 4.0.
?RCS: 
?RCS: Tye McQueen <tye@metronet.com> added safe setuid script checks.
?RCS:
?RCS: $Log: d_dosuid.U,v $
?RCS: Revision 3.0.1.2  1997/02/28  15:33:03  ram
?RCS: patch61: moved unit to TOP via a ?Y: layout directive
?RCS: patch61: tell them /dev/fd is not about floppy disks
?RCS:
?RCS: Revision 3.0.1.1  1994/10/29  16:12:08  ram
?RCS: patch36: added checks for secure setuid scripts (Tye McQueen)
?RCS:
?RCS: Revision 3.0  1993/08/18  12:05:55  ram
?RCS: Baseline for dist 3.0 netwide release.
?RCS:
?MAKE:d_dosuid d_suidsafe: cat contains ls rm test Myread Setvar \
	Oldconfig Guess package hint
?MAKE:	-pick add $@ %<
?S:d_suidsafe:
?S:	This variable conditionally defines SETUID_SCRIPTS_ARE_SECURE_NOW
?S:	if setuid scripts can be secure.  The test checks whether the kernel
?S:	runs a setuid #! script through a /dev/fd/ path.
?S:.
?S:d_dosuid:
?S:	This variable conditionally defines the symbol DOSUID, which
?S:	tells the C program that it should insert setuid emulation code
?S:	on hosts which have setuid #! scripts disabled.
?S:.
?C:SETUID_SCRIPTS_ARE_SECURE_NOW:
?C:	This symbol, if defined, indicates that the bug that prevents
?C:	setuid scripts from being secure is not present in this kernel.
?C:.
?C:DOSUID:
?C:	This symbol, if defined, indicates that the C program should
?C:	check the script that it is executing for setuid/setgid bits, and
?C:	attempt to emulate setuid/setgid on systems that have disabled
?C:	setuid #! scripts because the kernel can't do it securely.
?C:	It is up to the package designer to make sure that this emulation
?C:	is done securely.  Among other things, it should do an fstat on
?C:	the script it just opened to make sure it really is a setuid/setgid
?C:	script, it should make sure the arguments passed correspond exactly
?C:	to the argument on the #! line, and it should not trust any
?C:	subprocesses to which it must pass the filename rather than the
?C:	file descriptor of the script to be executed.
?C:.
?H:#$d_suidsafe SETUID_SCRIPTS_ARE_SECURE_NOW	/**/
?H:#$d_dosuid DOSUID		/**/
?H:.
?Y:TOP
?F:!reflect
?LINT: set d_suidsafe
?LINT: set d_dosuid
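: see if setuid scripts can be secure
?X: Probe: reflect is a setuid script whose interpreter is ls, so running it
?X: prints the name under which the kernel handed the script to ls.  A /dev/fd
?X: path in that output is taken as the sign that setuid scripts are secure.
?X: Sets d_suidsafe to define or undef through setvar.
$cat <<EOM

Some kernels have a bug that prevents setuid #! scripts from being
secure.  Some sites have disabled setuid #! scripts because of this.

First let's decide if your kernel supports secure setuid #! scripts.
(If setuid #! scripts would be secure but have been disabled anyway,
don't say that they are secure if asked.)

EOM

val="$undef"
if $test -d /dev/fd; then
?X: reflect is a setuid file owned by whoever runs Configure, possibly root.
?X: It is removed at the end of this section, but an interrupted run can
?X: leave it behind in the build directory.
	echo "#!$ls" >reflect
	chmod +x,u+s reflect
	./reflect >flect 2>&1
	if $contains "/dev/fd" flect >/dev/null; then
		echo "Congratulations, your kernel has secure setuid scripts!" >&4
		val="$define"
	else
		$cat <<EOM
If you are not sure if they are secure, I can check but I'll need a
username and password different from the one you are using right now.
If you don't have such a username or don't want me to test, simply
enter 'none'.

EOM
		rp='Other username to test security of setuid scripts with?'
		dflt='none'
		. ./myread
		case "$ans" in
		n|none)
			case "$d_suidsafe" in
			'')	echo "I'll assume setuid scripts are *not* secure." >&4
				dflt=n;;
			"$undef")
				echo "Well, the $hint value is *not* secure." >&4
				dflt=n;;
			*)	echo "Well, the $hint value *is* secure." >&4
				dflt=y;;
			esac
			;;
		*)
			$rm -f reflect flect
			echo "#!$ls" >reflect
			chmod +x,u+s reflect
?X: flect has to be writable by the other account, so it stays world-writable
?X: until the cleanup at the end of this section.
			echo >flect
			chmod a+w flect
			echo '"su" will (probably) prompt you for '"$ans's password."
?X: Quote the answer so that it reaches su as exactly one argument and is
?X: never word-split or glob-expanded.  A name starting with a dash would
?X: still be read by su as an option.
			su "$ans" -c './reflect >flect'
			if $contains "/dev/fd" flect >/dev/null; then
				echo "Okay, it looks like setuid scripts are secure." >&4
				dflt=y
			else
				echo "I don't think setuid scripts are secure." >&4
				dflt=n
			fi
			;;
		esac
?X: The probe result is only the default answer, the user has the last word.
		rp='Does your kernel have *secure* setuid scripts?'
		. ./myread
		case "$ans" in
		[yY]*)	val="$define";;
		*)	val="$undef";;
		esac
	fi
else
	echo "I don't think setuid scripts are secure (no /dev/fd directory)." >&4
	echo "(That's for file descriptors, not floppy disks.)"
	val="$undef"
fi
set d_suidsafe
eval $setvar

?X: Remove the setuid probe and its world-writable output file.
$rm -f reflect flect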

: now see if they want to do setuid emulation
?X: Emulation is offered only when d_suidsafe is not define.  Doing the
?X: emulation securely is left to the package, as the DOSUID description
?X: in this unit states.  Sets d_dosuid through setvar.
echo " "
val="$undef"
if $test "X$d_suidsafe" = "X$define"; then
	val="$undef"
	echo "No need to emulate SUID scripts since they are secure here." >&4
else
	$cat <<EOM
Some systems have disabled setuid scripts, especially systems where
setuid scripts cannot be secure.  On systems where setuid scripts have
been disabled, the setuid/setgid bits on scripts are currently
useless.  It is possible for $package to detect those bits and emulate
setuid/setgid in a secure fashion.  This emulation will only work if
setuid scripts have been disabled in your kernel.

EOM
?X: A previous define for d_dosuid becomes the default answer.
	dflt=n
	case "$d_dosuid" in
	"$define") dflt=y ;;
	esac
	rp="Do you want to do setuid/setgid emulation?"
	. ./myread
?X: Anything other than an answer starting with y or Y leaves emulation off.
	val="$undef"
	case "$ans" in
	[yY]*)	val="$define";;
	esac
fi
set d_dosuid
eval $setvar