Re: writing logs in a file that needs root previlages



Rahul <nospam@xxxxxxxxxxxxxx> writes:

Thanks! The only secure solution seems a setuid and unfortunately C seems
the only way to do that. Too bad that bash scripts aren't allowed to do a
previlage escalation for the log writing part. I wonder why though? Is bash
in some way less secure than C?

The real problem with set UID scripts is that the kernel has to do three steps:

1) Open the file, find the name of the engine (bash) and start the
engine.
2) Set the UID
3) Open the file read it into the engine.

Between 1 and 3, it is possible to change the contents of the script
file. While it seems hard, I can create a series of symbolic links
(hundreds) that point to the script. I then execute the setuid script,
and if I change one of the symbolic links, I can point to a new file
and gain priviledges.


Solaris allows setuid shell scripts. The Bourne shell has a special
flag that passes the contents of the script as a file descriptor,
instead of passing a file name.



.