in reply to Re^4: How can a script use a password without making the password visible?
in thread How can a script use a password without making the password visible?

then you have to trust your security admin

... and now guess who that might be. ;-)

But that's not all of the problem. You don't just have to trust root that he is not malicious. You also have to trust root that he is not lazy, uninformed or simply stupid: Imagine a security bug in a completely unrelated program running setuid root or a service started as root. A trustworthy root should install the relevant security update; and he should disable that program or service or at least apply a workaround while no update is available. And root should not give out permissions to any user like candy. Imagine a root doing chmod 4755 exe && chown 0:0 exe for any program a student or intern or manager demands that for. Imagine a root allowing anyone to load a new kernel module.

Update: There are usually more setuid/setgid programs than you might expect. Just for fun, I ran this little script:

    #!/usr/bin/perl
    use v5.12;
    use warnings;
    use autodie qw( :all );

    # Walk each directory in $PATH once, skipping duplicates.
    my %seen;
    my @path = grep { !$seen{$_}++ } split /:/, $ENV{'PATH'};

    for my $dirname (@path) {
        opendir(my $dir, $dirname);
        while (readdir $dir) {
            next if -l "$dirname/$_";       # ignore symlinks
            next unless -f -x _;            # only regular, executable files
            (undef, undef, my $mode) = stat _;
            unless (defined $mode) {
                warn "Can't stat $dirname/$_: $!\n";
                next;
            }
            ($mode & 06000) or next;        # keep only setuid/setgid files
            printf("%04o %s\n", ($mode & 07777), "$dirname/$_");
        }
        closedir $dir;
    }

It found 36 binaries in $ENV{'PATH'} running setuid or setgid on my home server:

    4511 /sbin/mount.nfs
    4711 /usr/bin/newuidmap
    4755 /usr/bin/pkexec
    4711 /usr/bin/newgidmap
    4711 /usr/bin/newgrp
    2755 /usr/bin/write
    2755 /usr/bin/wall
    4711 /usr/bin/traceroute6
    4755 /usr/bin/cgexec
    4711 /usr/bin/crontab
    4711 /usr/bin/expiry
    4711 /usr/bin/gpasswd
    2755 /usr/bin/slocate
    2751 /usr/bin/xlock
    4750 /usr/bin/fdmount
    4711 /usr/bin/chfn
    4711 /usr/bin/passwd
    4711 /usr/bin/sudo
    2755 /usr/bin/lockfile
    4711 /usr/bin/chage
    4711 /usr/bin/chsh
    6755 /usr/bin/procmail
    4711 /bin/ping6
    4755 /bin/umount
    4755 /bin/mount
    4711 /bin/ping
    4755 /bin/fusermount
    4711 /bin/su
    4511 /opt/VirtualBox/VirtualBox
    4511 /opt/VirtualBox/VBoxVolInfo
    4511 /opt/VirtualBox/VBoxSDL
    4511 /opt/VirtualBox/VBoxNetAdpCtl
    4511 /opt/VirtualBox/VBoxHeadless
    4511 /opt/VirtualBox/VBoxNetDHCP
    4511 /opt/VirtualBox/VBoxNetNAT
    4755 /opt/exim/bin/exim-4.72-1

I should ask root a.k.a. myself: Do I need all of these? Do all of these have to run setuid? Are there more, in directories outside $ENV{'PATH'}?


Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
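Added example, not part of the post above: the PATH-only scan answers the first two questions, and this POSIX shell script addresses the third by walking a whole filesystem and reporting the setuid/setgid regular files that live outside any $PATH directory. The function names are assumptions; it relies only on POSIX find (-xdev, -type f, -perm -mode).

```shell
#!/bin/sh
# Audit helper (added example): find setuid/setgid regular files under a
# directory tree, then single out those a $PATH-only scan would never see.

# Print the path of every regular file (symlinks excluded by -type f) with
# the setuid (4000) or setgid (2000) bit set, staying on one filesystem.
# Unreadable directories are skipped silently.
find_setxid() {
    root="${1:-/}"
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Of those, report the ones whose directory is NOT listed in $PATH,
# i.e. the candidates the original Perl script cannot have found.
setxid_outside_path() {
    find_setxid "$1" | while IFS= read -r f; do
        d=$(dirname "$f")
        case ":$PATH:" in
            *":$d:"*) ;;                    # in $PATH: already covered
            *) printf '%s\n' "$f" ;;        # outside $PATH: report it
        esac
    done
}

# Stand-alone use: `sh setxid.sh /` prints mode and owner for each hit
# outside $PATH (run as root to avoid permission-denied gaps).
if [ "$#" -gt 0 ]; then
    setxid_outside_path "$1" | while IFS= read -r f; do ls -ld "$f"; done
fi
```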