?RCS: Copyright (c) 1991-1997, 2004-2006, Raphael Manfredi
?RCS: You may redistribute only under the terms of the Artistic License,
?RCS: as specified in the README file that comes with the distribution.
?RCS: You may reuse parts of this distribution only within the terms of
?RCS: that same Artistic License; a copy of which may be found at the root
?RCS: of the source tree for dist 4.0.
?RCS: Tye McQueen <tye@metronet.com> added safe setuid script checks.
?RCS: $Log: d_dosuid.U,v $
?RCS: Revision 3.0.1.2 1997/02/28 15:33:03 ram
?RCS: patch61: moved unit to TOP via a ?Y: layout directive
?RCS: patch61: tell them /dev/fd is not about floppy disks
?RCS: Revision 3.0.1.1 1994/10/29 16:12:08 ram
?RCS: patch36: added checks for secure setuid scripts (Tye McQueen)
?RCS: Revision 3.0 1993/08/18 12:05:55 ram
?RCS: Baseline for dist 3.0 netwide release.
?MAKE:d_dosuid d_suidsafe: cat contains ls rm test Myread Setvar \
	Oldconfig Guess package hint
?MAKE:	-pick add $@ %<
?S: This variable conditionally defines SETUID_SCRIPTS_ARE_SECURE_NOW
?S: if setuid scripts can be secure. This test looks in /dev/fd/.
?S: This variable conditionally defines the symbol DOSUID, which
?S: tells the C program that it should insert setuid emulation code
?S: on hosts which have setuid #! scripts disabled.
?C:SETUID_SCRIPTS_ARE_SECURE_NOW:
?C: This symbol, if defined, indicates that the bug that prevents
?C: setuid scripts from being secure is not present in this kernel.
?C: This symbol, if defined, indicates that the C program should
?C: check the script that it is executing for setuid/setgid bits, and
?C: attempt to emulate setuid/setgid on systems that have disabled
?C: setuid #! scripts because the kernel can't do it securely.
?C: It is up to the package designer to make sure that this emulation
?C: is done securely. Among other things, it should do an fstat on
?C: the script it just opened to make sure it really is a setuid/setgid
?C: script, it should make sure the arguments passed correspond exactly
?C: to the argument on the #! line, and it should not trust any
?C: subprocesses to which it must pass the filename rather than the
?C: file descriptor of the script to be executed.
?H:#$d_suidsafe SETUID_SCRIPTS_ARE_SECURE_NOW /**/
?H:#$d_dosuid DOSUID /**/
: see if setuid scripts can be secure
Some kernels have a bug that prevents setuid #! scripts from being
secure. Some sites have disabled setuid #! scripts because of this.
First let's decide if your kernel supports secure setuid #! scripts.
(If setuid #! scripts would be secure but have been disabled anyway,
don't say that they are secure if asked.)
if $test -d /dev/fd; then
if $contains "/dev/fd" flect >/dev/null; then
echo "Congratulations, your kernel has secure setuid scripts!" >&4
If you are not sure if they are secure, I can check but I'll need a
username and password different from the one you are using right now.
If you don't have such a username or don't want me to test, simply
rp='Other username to test security of setuid scripts with?'
'') echo "I'll assume setuid scripts are *not* secure." >&4
echo "Well, the $hint value is *not* secure." >&4
*) echo "Well, the $hint value *is* secure." >&4
echo "#!$ls" >reflect
echo '"su" will (probably) prompt you for '"$ans's password."
su $ans -c './reflect >flect'
if $contains "/dev/fd" flect >/dev/null; then
echo "Okay, it looks like setuid scripts are secure." >&4
echo "I don't think setuid scripts are secure." >&4
rp='Does your kernel have *secure* setuid scripts?'
[yY]*) val="$define";;
echo "I don't think setuid scripts are secure (no /dev/fd directory)." >&4
echo "(That's for file descriptors, not floppy disks.)"
: now see if they want to do setuid emulation
case "$d_suidsafe" in
echo "No need to emulate SUID scripts since they are secure here." >& 4
Some systems have disabled setuid scripts, especially systems where
setuid scripts cannot be secure. On systems where setuid scripts have
been disabled, the setuid/setgid bits on scripts are currently
useless. It is possible for $package to detect those bits and emulate
setuid/setgid in a secure fashion. This emulation will only work if
setuid scripts have been disabled in your kernel.
rp="Do you want to do setuid/setgid emulation?"
[yY]*) val="$define";;
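The ?C: text for DOSUID above asks the emulating program to fstat the script it just opened before honouring its setuid/setgid bits. The C sketch below is an added example, not code from dist or from any package that uses this unit; `struct suid_plan`, `plan_from_stat` and `plan_from_fd` are hypothetical names, and refusing anything that is not a regular file is this example's own assumption.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>

/* Hypothetical result type: which ids the emulation would switch to. */
struct suid_plan {
    int   set_uid, set_gid;   /* 1 if the matching mode bit is set */
    uid_t uid;                /* owner of the opened script */
    gid_t gid;                /* group of the opened script */
};

/* Decide from a stat record; -1 means refuse to emulate. */
int plan_from_stat(const struct stat *st, struct suid_plan *p)
{
    p->set_uid = p->set_gid = 0;
    p->uid = st->st_uid;
    p->gid = st->st_gid;
    if (!S_ISREG(st->st_mode))
        return -1;                      /* not a plain script file */
    p->set_uid = (st->st_mode & S_ISUID) != 0;
    p->set_gid = (st->st_mode & S_ISGID) != 0;
    return 0;
}

/* fstat() the descriptor the script will be read from, never its
 * path: the name may be re-pointed between the check and the read. */
int plan_from_fd(int fd, struct suid_plan *p)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return -1;
    return plan_from_stat(&st, p);
}

int main(int argc, char **argv)
{
    struct suid_plan p;
    int fd = argc > 1 ? open(argv[1], O_RDONLY) : -1;
    if (fd < 0 || plan_from_fd(fd, &p) != 0) {
        fprintf(stderr, "refusing: cannot verify script\n");
        return 1;
    }
    printf("setuid=%d (uid %ld) setgid=%d (gid %ld)\n",
           p.set_uid, (long)p.uid, p.set_gid, (long)p.gid);
    /* An interpreter would now read the script from fd itself. */
    close(fd);
    return 0;
}
```

The same descriptor that passed the check is the one the script must be read from; handing the path name to a subprocess reopens the window the ?C: text warns about.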