Cgi Script Security

An issue with SheBang (#!) directed interpreted scripts is that it is possible to overload the server and convince the interpreter to execute a different (hostile) file. If the script has the uid set to a user, or worse to root, considerable damage is possible. For this reason, interpreted languages are sometimes prevented from setuid() and assigned the permissions of 'nobody'. It is possible however to write a short compiled program that sets or acquires a uid and then calls the interpreted script, thereby giving the interpreted script the permissions of the compiled program.

Q: Is this workaround actually any more secure than allowing the scripted language to setuid itself?

A: Yes, it is more secure. The wrapper program typically has hard-coded path names that point to a directory only writeable by root. Set-uid shell scripts are fundamentally insecure. If you ever find a single one on a system, follow these simple steps to get root access:

This will eventually give you a root shell.


CategorySecurity


EditText of this page (last edited September 12, 2004) or FindPage with title or text search