1 ?RCS: $Id: d_dosuid.U,v 3.0.1.2 1997/02/28 15:33:03 ram Exp $
3 ?RCS: Copyright (c) 1991-1993, Raphael Manfredi
5 ?RCS: You may redistribute only under the terms of the Artistic Licence,
6 ?RCS: as specified in the README file that comes with the distribution.
7 ?RCS: You may reuse parts of this distribution only within the terms of
8 ?RCS: that same Artistic Licence; a copy of which may be found at the root
9 ?RCS: of the source tree for dist 3.0.
11 ?RCS: Tye McQueen <tye@metronet.com> added safe setuid script checks.
13 ?RCS: $Log: d_dosuid.U,v $
14 ?RCS: Revision 3.0.1.2 1997/02/28 15:33:03 ram
15 ?RCS: patch61: moved unit to TOP via a ?Y: layout directive
16 ?RCS: patch61: tell them /dev/fd is not about floppy disks
18 ?RCS: Revision 3.0.1.1 1994/10/29 16:12:08 ram
19 ?RCS: patch36: added checks for secure setuid scripts (Tye McQueen)
21 ?RCS: Revision 3.0 1993/08/18 12:05:55 ram
22 ?RCS: Baseline for dist 3.0 netwide release.
24 ?MAKE:d_dosuid d_suidsafe: cat contains ls rm test Myread Setvar \
25 Oldconfig Guess package hint
26 ?MAKE: -pick add $@ %<
28 ?S: This variable conditionally defines SETUID_SCRIPTS_ARE_SECURE_NOW
29 ?S: if setuid scripts can be secure. This test looks in /dev/fd/.
32 ?S: This variable conditionally defines the symbol DOSUID, which
33 ?S: tells the C program that it should insert setuid emulation code
34 ?S: on hosts which have setuid #! scripts disabled.
36 ?C:SETUID_SCRIPTS_ARE_SECURE_NOW:
37 ?C: This symbol, if defined, indicates that the bug that prevents
38 ?C: setuid scripts from being secure is not present in this kernel.
41 ?C: This symbol, if defined, indicates that the C program should
42 ?C: check the script that it is executing for setuid/setgid bits, and
43 ?C: attempt to emulate setuid/setgid on systems that have disabled
44 ?C: setuid #! scripts because the kernel can't do it securely.
45 ?C: It is up to the package designer to make sure that this emulation
46 ?C: is done securely. Among other things, it should do an fstat on
47 ?C: the script it just opened to make sure it really is a setuid/setgid
48 ?C: script, it should make sure the arguments passed correspond exactly
49 ?C: to the argument on the #! line, and it should not trust any
50 ?C: subprocesses to which it must pass the filename rather than the
51 ?C: file descriptor of the script to be executed.
53 ?H:#$d_suidsafe SETUID_SCRIPTS_ARE_SECURE_NOW /**/
54 ?H:#$d_dosuid DOSUID /**/
59 : see if setuid scripts can be secure
62 Some kernels have a bug that prevents setuid #! scripts from being
63 secure. Some sites have disabled setuid #! scripts because of this.
65 First let's decide if your kernel supports secure setuid #! scripts.
66 (If setuid #! scripts would be secure but have been disabled anyway,
67 don't say that they are secure if asked.)
72 if $test -d /dev/fd; then
76 if $contains "/dev/fd" flect >/dev/null; then
77 echo "Congratulations, your kernel has secure setuid scripts!" >&4
81 If you are not sure if they are secure, I can check but I'll need a
82 username and password different from the one you are using right now.
83 If you don't have such a username or don't want me to test, simply
87 rp='Other username to test security of setuid scripts with?'
93 '') echo "I'll assume setuid scripts are *not* secure." >&4
96 echo "Well, the $hint value is *not* secure." >&4
98 *) echo "Well, the $hint value *is* secure." >&4
104 echo "#!$ls" >reflect
108 echo '"su" will (probably) prompt you for '"$ans's password."
109 su $ans -c './reflect >flect'
110 if $contains "/dev/fd" flect >/dev/null; then
111 echo "Okay, it looks like setuid scripts are secure." >&4
114 echo "I don't think setuid scripts are secure." >&4
119 rp='Does your kernel have *secure* setuid scripts?'
122 [yY]*) val="$define";;
127 echo "I don't think setuid scripts are secure (no /dev/fd directory)." >&4
128 echo "(That's for file descriptors, not floppy disks.)"
136 : now see if they want to do setuid emulation
139 case "$d_suidsafe" in
142 echo "No need to emulate SUID scripts since they are secure here." >&4
146 Some systems have disabled setuid scripts, especially systems where
147 setuid scripts cannot be secure. On systems where setuid scripts have
148 been disabled, the setuid/setgid bits on scripts are currently
149 useless. It is possible for $package to detect those bits and emulate
150 setuid/setgid in a secure fashion. This emulation will only work if
151 setuid scripts have been disabled in your kernel.
158 rp="Do you want to do setuid/setgid emulation?"
161 [yY]*) val="$define";;