SPUG: This /bin/ps is not secure for setuid operation

Alan E. Derhaag aderhaa at n2h2.com
Thu Jul 20 16:25:57 CDT 2000


Characteristically, I usually add the following when running under
taint mode:

delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

rather than the

> $ENV{BASH_ENV} = "" ;
> $ENV{ENV} = "" ;

you included. My machine complains about IFS being insecure!

Barry Sharp <bxs at sdc.cs.boeing.com> writes:

> Hi Kim,
> 
> I ran the following script on a Cray T916 running UNICOS 10.0.0.7 under
> normal user and root accounts with the script permission set to 4755
> and had no problem :-))
> 
> Incidentally, I did see in our perl man pages the following
> statement
> 
> "Setuid scripts have additional constraints that can produce error
>  messages such as "Insecure dependency".  See the perlsec manpage.
>  
>  .
>  .
>  .
>  
>  NOTES
>      The Perl motto is "There's more than one way to do it."  Divining how
>      many more is left as an exercise to the reader."
>      
> 
> ---------
> #!/local/bin/perl -T
> 
> $ENV{PATH} = "/sbin:/usr/sbin:/bin:/usr/bin:/usr/bin/X11" ;
> $ENV{BASH_ENV} = "" ;
> $ENV{ENV} = "" ;
> 
> open (PS, "/bin/ps -ef|") || die "ouch" ;
> my @ps = <PS> ;
> 
> print $ps[0], "\n";
> print $ps[1], "\n";
> print $ps[2], "\n";
> ----------
> 
> A perl -V on the Cray T916 produced the following, if this helps any.
> (I've asterisked the S/N out)
> 
> ----------
> Summary of my perl5 (5.0 patchlevel 4 subversion 4) configuration:
>   Platform:
>     osname=unicos, osvers=10.0.0.2, archname=CRAY_TS-unicos
>     uname='sn**** triton 10.0.0.2 tec.15 cray ts '
>     hint=recommended, useposix=true, d_sigaction=define
>     bincompat3=y useperlio=undef d_sfio=undef
>   Compiler:
>     cc='cc', optimize='-O1', gccversion=
>     cppflags=''
>     ccflags =''
>     stdchar='unsigned char', d_stdstdio=define, usevfork=false
>     voidflags=15, castflags=0, d_casti32=define, d_castneg=define
>     intsize=8, alignbytes=8, usemymalloc=n, prototype=define
>   Linker and Libraries:
>     ld='ld', ldflags =''
>     libpth=/lib /usr/lib
>     libs=-lnsl -lmalloc -lc -lcrypt
>     libc=/lib/libc.a, so=none
>     useshrplib=false, libperl=libperl.a
>   Dynamic Linking:
>     dlsrc=dl_none.xs, dlext=none, d_dlsymun=undef, ccdlflags=''
>     cccdlflags='', lddlflags=''
> 
> 
> Characteristics of this binary (from libperl): 
>   Built under unicos
>   Compiled at Sep  1 1998 10:32:50
>   @INC:
>     /local/lib/perl5/CRAY_TS-unicos/5.00404
>     /local/lib/perl5
>     /local/lib/perl5/site_perl/CRAY_TS-unicos
>     /local/lib/perl5/site_perl
>     .
> ------------
> 
> 
> Regards...
> Barry Sharp
> The Boeing Company - Share Service Group
> Engineering Operating Systems
> P.O. Box 3707 MC 7J-04
> Seattle, WA 98124-2207
> USA
> 
> Tel:   425-865-6411 (USA)
> Fax:   425-865-2221 (USA)
> Email: barry.sharp at boeing.com (stable)
> 
> 
> > From: "Kim Goldov" <goldov at sounddomain.com>
> > To: "Seattle Perl Users Group" <spug-list at pm.org>
> > Subject: SPUG: This /bin/ps is not secure for setuid operation
> > Date: Thu, 20 Jul 2000 11:15:57 -0700
> > 
> > I've written a setuid script that runs as root and needs to look at the
> > output of the ps command....
> > 
> > $ENV{PATH} = "/sbin:/usr/sbin:/bin:/usr/bin:/usr/X12R6/bin" ;
> > $ENV{BASH_ENV} = "" ;
> > $ENV{ENV} = "" ;
> > 
> > open (PS, "/bin/ps -ef|") || die "ouch" ;
> > my @ps = <PS> ;
> > 
> > It is failing with the following warning:
> > 
> > This /bin/ps is not secure for setuid operation.
> > 
> > If I do /bin/ls instead of /bin/ps there is no warning.
> > 
> > I could fork off a child and run the /bin/ps under the real uid, however I
> > don't see why I should have to do this. I'm not even trying to use any
> > tainted data. Why should /bin/ps be a problem and not /bin/ls?

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Alan E. Derhaag           N2H2, Creators of Bess and Searchopolis
phone: 206-336-2972                 900 Fourth Avenue, Suite 3400
email: aderhaa at n2h2.com,aderhaag at wolfenet.com   Seattle, WA 98164
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
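
The environment scrub discussed in this thread, as an added example that is not part of any poster's message: it deletes the four variables instead of assigning empty strings, pins PATH, and runs `/bin/ps -ef` through a list-form pipe open so no shell parses the command. The reporting loop, the shortened PATH and the `/usr/bin/perl` location are assumptions made for the illustration.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread.
# Run as ./script or `perl -T script` so that -T is active from startup.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Shell-influencing variables that taint mode checks before running a child.
# The scripts in the thread reset only ENV and BASH_ENV; IFS and CDPATH
# are checked as well, which is why a machine can still complain about IFS.
my @risky = qw(IFS CDPATH ENV BASH_ENV);

# Report what was inherited, so the effect of the scrub is visible.
for my $name (@risky) {
    next unless exists $ENV{$name};
    printf STDERR "inherited %s (%s)\n", $name,
        tainted($ENV{$name}) ? 'tainted' : 'clean';
}

# Delete rather than assign "": after an assignment the variable still
# exists (empty) in the child's environment; after delete it is gone.
delete @ENV{@risky};

# Fixed PATH of absolute directories (assumption: a shortened form of the
# PATH used in the thread's scripts).
$ENV{PATH} = '/sbin:/usr/sbin:/bin:/usr/bin';

# List-form pipe open: /bin/ps is exec'd directly with its argument list,
# so IFS and shell startup files never come into play.
open(my $ps, '-|', '/bin/ps', '-ef')
    or die "cannot run /bin/ps: $!";
my @lines = <$ps>;
close($ps)
    or die($! ? "error closing ps pipe: $!" : "ps exited with status $?");

# Same output as the thread's script: at most the first three lines.
my $last = $#lines < 2 ? $#lines : 2;
print @lines[0 .. $last];
```

Commenting out the `delete` line and running the script with `IFS` set in the calling environment makes Perl abort at the `open` with an "Insecure $ENV{IFS}" error.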
