Zsh Mailing List Archive

Re: newgrp



> > It is probably not the best solution, but I went around the lack of
> > newgrp command by writing the following script, and then asked my
> > administrator to change the owner to root and mode to 4755,
> > and finally add the alias newgrp='exec newgrp'.
> > At least it works !
> 
> Be careful with that.  Zsh was not designed to run setuid scripts although
> some attempt was made to make it somewhat secure.  I do hope that the
> script you wrote is secure but I cannot guarantee that zsh has no bugs that
> can be exploited to gain root privileges.  And I would not run ypcat and
> grep with 0 euid.  I would use this:

I'm very surprised your administrator did this.  This would make me too
nervous.

On many OS's, setuid scripts are not possible.  They are disabled at
the kernel level.  It's too easy to exploit race conditions in the
way many older kernels pass the pathname of the script to the interpreter.

I believe on some newer OS's (I believe Solaris is an example), the
kernel uses the /dev/fd filesystem to pass open file descriptors to the
interpreter, rather than passing the pathname of the script.  This removes
that race condition.

But no one has done a thorough check of the zsh source code to check how
secure it is with respect to setuid scripts.  My guess is that it can be
subverted with many of the standard tricks that have been used in the past
(buffer overrun problems in sprintf, etc...).

I would caution against using setuid zsh scripts at this point.

rc
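
An audit for the configuration this thread warns about, added here as an example and not part of any poster's message: it walks a directory tree and reports regular files that carry the setuid or setgid bit and begin with "#!", i.e. set-id interpreter scripts. The function name, the demo file names and the demo contents are constructed for illustration.

```python
import os
import stat
import tempfile


def find_setid_scripts(root):
    """Return sorted (path, mode string, interpreter line) for set-id '#!' files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
                if not stat.S_ISREG(st.st_mode):
                    continue
                if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                    continue
                with open(path, "rb") as fh:
                    first = fh.readline(256)
            except OSError:
                continue  # unreadable or vanished files are skipped
            if first.startswith(b"#!"):
                interp = first[2:].strip().decode("ascii", "replace")
                hits.append((path, stat.filemode(st.st_mode), interp))
    return sorted(hits)


def demo():
    """Build constructed sample files in a temp dir and audit them."""
    samples = {
        "newgrp": (b"#!/bin/zsh\n# constructed sample\n", 0o4755),  # setuid script
        "plain.sh": (b"#!/bin/sh\necho hi\n", 0o755),               # ordinary script
        "binary": (b"\x7fELF constructed sample", 0o4755),          # setuid, not a script
    }
    with tempfile.TemporaryDirectory() as d:
        for name, (data, mode) in samples.items():
            path = os.path.join(d, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, mode)  # set the mode after writing the contents
        return [(os.path.basename(p), m, i) for p, m, i in find_setid_scripts(d)]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Point find_setid_scripts() at directories such as those on PATH; every hit is a script that should be reviewed before it is left set-id.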


