Re: using mount from SUID scripts?

Jesse Pollard (jesse@cats-chateau.net)
Tue, 7 Aug 2001 21:29:07 -0500

On Tue, 07 Aug 2001, Keith Owens wrote:
>On Tue, 7 Aug 2001 16:29:39 -0700,
>Matthew Dharm <mdharm-kernel@one-eyed-alien.net> wrote:
>>I've got an SUID perl script (yes, it's EUID is really 0) which I'd like to
>>use mount from to mount a file via loopback...
>>
>>Unfortunately, it looks like mount refuses to actually mount anything if
>>the EUID and UID aren't the same....
>
>Are you sure the problem is mount? Some versions of bash drop euid(0)
>when they execute scripts from setuid programs.
>

not mount, and likely not the shell - the thing is that perl doesn't like it
when the effective uid is not equal to the real uid. Perl is very good at
limiting the damange an unsuspecting script does. This is to prevent passing
a "confused" environment to the shell.

The following can work around this:

($r,$e) = ( $>, $< ); # save real and effective uid's
$< = $e; # force real uid to the effective
`/bin/mount ....`
($>, $<) = ($r,$e); # restore mixed state

Remember, the options to mount should come from a fixed table with user
selected input used to select which table entry to use... or a strictly
fixed mount command.

Otherwise you have an even bigger security hole.

-- 
-------------------------------------------------------------------------
Jesse I Pollard, II
Email: jesse@cats-chateau.net


Any opinions expressed are solely my own.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/