Debian Planet

    Dangers of SUID Shell Scripts
    Contributed by Anonymous on Thursday, May 31 @ 18:46:29 BST

    Security
    This article attempts to walk the fine line between full disclosure and published exploits. The object of this article is to illustrate how SUID programs work in order to help others writing their own programs avoid some common mistakes. The examples I provide are detailed enough to help you understand each danger, but I don't promise that all will work exactly as demonstrated if you try to use them maliciously.

    rob: How do people feel about suid programs in Debian? Are they regulated/controlled well enough? Are the policies surrounding them good enough?

     

    The comments are owned by the poster. We aren't responsible for their content.

    Re: Dangers of SUID Shell Scripts (Score: 5, Interesting)
    by Anonymous on Thursday, May 31 @ 21:41:09 BST

    > Are the policies surrounding them good enough?

    There is an official policy? Correct me if I am wrong, but there is just a suggestion for the package maintainers; there is no real policy.

    [ Reply ]


    Moot point (Score: 5, Interesting)
    by Anonymous on Friday, June 01 @ 00:47:58 BST

    Not really that useful for Debian users, since AFAIK suid shell scripts have never worked under Linux (don't know about Hurd). Indeed the article states:

    > Because of these problems, some systems (e.g., Linux) won't honor SUID on shell scripts.

    [ Reply ]


    Re: Dangers of SUID Shell Scripts (Score: 5, Informative)
    by kezdeth (kezdeth@lycos.com) on Friday, June 01 @ 05:00:08 BST

    Perl scripts will work, but I won't touch that. Install sudo and be safer.

    [ Reply ]
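
Added example, not part of the original article or of any comment: a POSIX shell audit that lists set-uid or set-gid regular files that are interpreter scripts (shell, Perl or anything else started through a `#!` line), the kind of file the two comments above discuss. The function names are hypothetical, and paths containing newlines are not handled.

```shell
#!/bin/sh
# Added example: audit for set-uid / set-gid interpreter scripts.
# Function names are hypothetical. Paths containing newlines are not handled.

# is_script FILE: true when FILE begins with the two bytes "#!" (0x23 0x21).
# od is used so that binary files containing NUL bytes compare cleanly.
is_script() {
    [ "$(head -c 2 -- "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "2321" ]
}

# find_suid_scripts [DIR]: print "path<TAB>interpreter line" for every regular
# file under DIR (default /) that has the set-uid or set-gid bit and is a script.
# -xdev keeps the walk on one filesystem; repeat per mount point as needed.
find_suid_scripts() {
    dir=${1:-/}
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        if is_script "$f"; then
            printf '%s\t%s\n' "$f" "$(head -n 1 -- "$f" 2>/dev/null)"
        fi
    done
}
```

Each hit is a candidate for `chmod u-s,g-s` and for replacement with a narrowly scoped sudo rule, as the comment above suggests.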


    Re: Dangers of SUID Shell Scripts (Score: 3, Informative)
    by Anonymous on Friday, June 01 @ 15:50:00 BST

    Debian uses programs (not scripts) with SUID. Is it really secure?

    [ Reply ]



    All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2000 by Debian Planet
