Message-ID: <20251201213938.184d71db@pumpkin>
Date: Mon, 1 Dec 2025 21:39:38 +0000
From: David Laight <david.laight.linux@...il.com>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: Roberto Sassu <roberto.sassu@...weicloud.com>, Bernd Edlinger
<bernd.edlinger@...mail.de>, Alexander Viro <viro@...iv.linux.org.uk>,
Alexey Dobriyan <adobriyan@...il.com>, Oleg Nesterov <oleg@...hat.com>,
Kees Cook <kees@...nel.org>, Andy Lutomirski <luto@...capital.net>, Will
Drewry <wad@...omium.org>, Christian Brauner <brauner@...nel.org>, Andrew
Morton <akpm@...ux-foundation.org>, Michal Hocko <mhocko@...e.com>, Serge
Hallyn <serge@...lyn.com>, James Morris <jamorris@...ux.microsoft.com>,
Randy Dunlap <rdunlap@...radead.org>, Suren Baghdasaryan
<surenb@...gle.com>, Yafang Shao <laoar.shao@...il.com>, Helge Deller
<deller@....de>, Adrian Reber <areber@...hat.com>, Thomas Gleixner
<tglx@...utronix.de>, Jens Axboe <axboe@...nel.dk>, Alexei Starovoitov
<ast@...nel.org>, "linux-fsdevel@...r.kernel.org"
<linux-fsdevel@...r.kernel.org>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>, linux-kselftest@...r.kernel.org,
linux-mm@...ck.org, linux-security-module@...r.kernel.org, tiozhang
<tiozhang@...iglobal.com>, Luis Chamberlain <mcgrof@...nel.org>, "Paulo
Alcantara (SUSE)" <pc@...guebit.com>, Sergey Senozhatsky
<senozhatsky@...omium.org>, Frederic Weisbecker <frederic@...nel.org>,
YueHaibing <yuehaibing@...wei.com>, Paul Moore <paul@...l-moore.com>,
Aleksa Sarai <cyphar@...har.com>, Stefan Roesch <shr@...kernel.io>, Chao Yu
<chao@...nel.org>, xu xin <xu.xin16@....com.cn>, Jeff Layton
<jlayton@...nel.org>, Jan Kara <jack@...e.cz>, David Hildenbrand
<david@...hat.com>, Dave Chinner <dchinner@...hat.com>, Shuah Khan
<shuah@...nel.org>, Elena Reshetova <elena.reshetova@...el.com>, David
Windsor <dwindsor@...il.com>, Mateusz Guzik <mjguzik@...il.com>, Ard
Biesheuvel <ardb@...nel.org>, "Joel Fernandes (Google)"
<joel@...lfernandes.org>, "Matthew Wilcox (Oracle)" <willy@...radead.org>,
Hans Liljestrand <ishkamiel@...il.com>, Penglei Jiang
<superman.xpt@...il.com>, Lorenzo Stoakes <lorenzo.stoakes@...cle.com>,
Adrian Ratiu <adrian.ratiu@...labora.com>, Ingo Molnar <mingo@...nel.org>,
"Peter Zijlstra (Intel)" <peterz@...radead.org>, Cyrill Gorcunov
<gorcunov@...il.com>, Eric Dumazet <edumazet@...gle.com>,
zohar@...ux.ibm.com, linux-integrity@...r.kernel.org, Ryan Lee
<ryan.lee@...onical.com>, apparmor <apparmor@...ts.ubuntu.com>
Subject: Re: Are setuid shell scripts safe? (Implied by
security_bprm_creds_for_exec)

On Mon, 01 Dec 2025 12:53:10 -0600
"Eric W. Biederman" <ebiederm@...ssion.com> wrote:
> Roberto Sassu <roberto.sassu@...weicloud.com> writes:
...
> There is the partial solution of passing /dev/fd instead of passing the
> name of the script. I suspect that would break things. I don't
> remember why that was never adopted.

I thought that was what was done - and stopped the problem of a user
flipping a symlink between a suid script and one the user had written.
It has only ever been done for suid scripts when the uid actually changes.
Which makes it possible to set the permissions so that the owner can't
run the script!
(The kernel only needs 'x' access, the shell needs 'r' access, so with 'x+s'
the owner can't execute the script but everyone else can.)

There is a much older problem that probably only affected the original 1970s
'sh' (not even the SYSV/SunOS version) that quoted redirects on the command
line would get actioned when the parameter was substituted - which I think
means the original 'sh' did post-substitution syntax analysis (the same
as cmd.exe still does).
That doesn't affect any shells used since the early 1980s.

David
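
Added example, not part of the message above and not kernel code: a userspace C sketch of why handing the interpreter an already-open descriptor (the /dev/fd approach discussed in the thread) pins the file that was checked, while a name can be repointed between the check and the read. The paths, file contents, struct and function names are constructed for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
struct swap_result { int same_before, same_after, fd_checked; };

/* Create a constructed sample script at path; 0 on success. */
static int write_script(const char *path, const char *body) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0700);
    if (fd < 0) return -1;
    ssize_t n = write(fd, body, strlen(body));
    close(fd);
    return n == (ssize_t)strlen(body) ? 0 : -1;
}
/* 1 if fd and path name the same file (device + inode), 0 if not, -1 on error. */
static int same_file(int fd, const char *path) {
    struct stat f, p;
    if (fstat(fd, &f) < 0 || stat(path, &p) < 0) return -1;
    return f.st_dev == p.st_dev && f.st_ino == p.st_ino;
}
/* Open a name once, repoint the name, then compare the descriptor with the name. */
int run_swap_demo(struct swap_result *r) {
    char dir[] = "/tmp/fdpin.XXXXXX", a[64], b[64], name[64], buf[64] = {0};
    int fd = -1, rc = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/checked", dir);
    snprintf(b, sizeof b, "%s/other", dir);
    snprintf(name, sizeof name, "%s/script", dir);
    if (write_script(a, "#!/bin/sh\n# checked\n") == 0 &&
        write_script(b, "#!/bin/sh\n# other\n") == 0 &&
        symlink(a, name) == 0 && (fd = open(name, O_RDONLY)) >= 0) {
        r->same_before = same_file(fd, name);     /* name resolved once, here */
        if (unlink(name) == 0 && symlink(b, name) == 0) {
            r->same_after = same_file(fd, name);  /* name now resolves to "other" */
            r->fd_checked = read(fd, buf, sizeof buf - 1) > 0 && strstr(buf, "# checked") != NULL;
            rc = 0;
        }
        close(fd);
    }
    unlink(name); unlink(a); unlink(b); rmdir(dir);
    return rc;
}
int main(void) {
    struct swap_result r = {0};
    if (run_swap_demo(&r) != 0) return 1;
    printf("same before=%d same after=%d fd reads checked=%d\n", r.same_before, r.same_after, r.fd_checked);
    return 0;
}
```

An interpreter that reopens the script by name sees whatever the name resolves to at that moment; one that reads the descriptor it was handed sees the file that was opened at check time.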