[lug] Cron ssh suid problem
Glenn Murray
gmurray at Mines.EDU
Fri Sep 7 16:06:08 MDT 2001
Well, experimentation revealed that copying the contents of userA's
.ssh/ to userB's .ssh/ gave userB all the ssh privileges of userA.
This solves the immediate problem. But is this bad, security-wise?
Does it make a difference if userA or userB is root?
Glenn Murray
www.mines.edu/~glenn/public_html/Welcome.html
On 7 Sep 2001, Tkil wrote:
> >>>>> "Glenn" == Glenn Murray <gmurray at Mines.EDU> writes:
>
> Glenn> I am trying to run a shell script from cron. [...] Why doesn't
> Glenn> the suid bit work?
>
> most systems no longer allow setuid scripts; they are too easy to
> abuse (in the sense that they are relatively easy to exploit to gain
> access; the attack i remember involved running the script at such a
> high nice level that you could link a different script in between the
> time it established credentials and actually started parsing the
> file. there might also have been an IFS-based attack...).
>
> the way around this is usually by using a small C wrapper that does
> the setuid work, then execs the script as the appropriate user. see,
> for example, "suexec" as ships with apache.
>
> as for your current problem, i don't know enough about how ssh uses
> identity files to help.
>
> t.
>
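The wrapper approach described in the quoted reply, sketched here as an added example; it is not code from this thread and not Apache's suexec. SCRIPT_PATH is a hypothetical path, and the sketch assumes the compiled binary is installed setuid to the target account and that the script's directory is writable only by that account.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical path, chosen for this example only. */
#define SCRIPT_PATH "/usr/local/libexec/nightly-job.sh"

/* Fixed environment for the script. Nothing is inherited from the caller,
 * so a caller-supplied IFS, PATH or LD_* value never reaches the shell. */
static char *const clean_env[] = {
    "PATH=/usr/bin:/bin", "IFS= \t\n", NULL
};

/* Return 0 if path is a regular file (not a symlink) owned by owner and not
 * writable by group or others, -1 otherwise. This only holds up if the
 * directory containing the script is also writable by owner alone;
 * otherwise the file can be swapped between this check and the exec. */
int script_is_trustworthy(const char *path, uid_t owner)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    if (st.st_uid != owner || (st.st_mode & (S_IWGRP | S_IWOTH)))
        return -1;
    return 0;
}

int main(void)
{
    uid_t uid = geteuid();  /* installed setuid: this is the target account */
    gid_t gid = getegid();
    char *const args[] = { "/bin/sh", SCRIPT_PATH, NULL };

    if (script_is_trustworthy(SCRIPT_PATH, uid) != 0) {
        fprintf(stderr, "refusing to run %s\n", SCRIPT_PATH);
        return 1;
    }
    /* Set real and effective ids together (group first) so the script
     * runs fully as the target and cannot switch back to the caller. */
    if (setregid(gid, gid) != 0 || setreuid(uid, uid) != 0) {
        perror("setregid/setreuid");
        return 1;
    }
    /* Interpreter and script path are constants; caller arguments are dropped. */
    execve("/bin/sh", args, clean_env);
    perror("execve");
    return 1;
}
```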