Cgi Script Security

An issue with SheBang (#!) directed interpreted scripts is that it is possible to overload the server and convince the interpreter to execute a different (hostile) file. If the script has the uid set to a user, or worse to root, considerable damage is possible. For this reason, interpreted languages are sometimes prevented from setuid() and assigned the permissions of 'nobody'. It is possible however to write a short compiled program that sets or acquires a uid and then calls the interpreted script, thereby giving the interpreted script the permissions of the compiled program.

Q: Is this workaround actually any more secure than allowing the scripted language to setuid itself?

A: Yes, it is more secure. The wrapper program typically has hard-coded path names that point to a directory only writeable by root. Set-uid shell scripts are fundamentally insecure. If you ever find a single one on a system, follow these simple steps to get root access:

• 1. Create a script that does the desired act, e.g. simply start a shell (the single line "sh" suffices). Call this script "nefarious" and put it in your home directory.
• 2. Link the setuid script to "trusted" in your home directory.
• 3. Now do: "mv nefarious trusted & ./trusted &"
• 4. If we get a root shell, done. If not, go back to step 2.

This will eventually give you a root shell.

---

CategorySecurity