secure_sid_scripts.5 (2010 09)

secure_sid_scripts(5) secure_sid_scripts(5)
(Tunable Kernel Parameters)
NAME
secure_sid_scripts - controls whether setuid and setgid bits on scripts are honored
VALUES
Failsafe
0
Default
1
Allowed values
0-1
Recommended values
0-1
DESCRIPTION
This tunable controls whether setuid and setgid bits on executable scripts have any effect. Honoring set*id on scripts makes a system vulnerable to attack by malicious users.
The default value for this variable is 1, indicating that set*id bits are to be ignored by the execve(2) system call for higher security. The tunable can be set to 0 for compatibility with older releases at the expense of security. Hewlett-Packard strongly recommends that you not change the value of this tunable unless there is an urgent need to do so.
When a script with set*id bits is executed, the kernel generates the following error message to both the controlling terminal and the system log. (To view the error message, use dmesg(1M) or inspect /var/adm/syslog/syslog.log.)
    Warning: Ignoring set*id bit on program_name as the tunable secure_sid_scripts is set.
Who is Expected to Change This Tunable?
Administrator.
Restrictions on Changing
Changes to this tunable take effect for new scripts started after the change.
When Should the Value of This Tunable Be Changed?
This tunable controls operational modes rather than data structure sizes and limits. The appropriate setting for a system depends on whether you consider security or compatibility to be more important.
A value of 0 is compatible with previous releases of HP-UX, but it is also less secure.
A value of 1 provides security against race condition attacks exploiting set*id scripts.
What Are the Side Effects of Changing the Value?
This tunable controls only executable scripts (not programs) with the set*id bit set. HP-UX does not ship with any such scripts. If the customer wishes to use set*id scripts, third-party applications such as suidperl or sudo can be used. Alternatively, the shell script can be wrapped in a simple C program that runs the shell script with appropriate permissions:
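    #include <stdio.h>
    #include <unistd.h>
    #include <stdlib.h>
    #include <string.h>

    /* The only script this wrapper is allowed to run. */
    #define SETUID_SCRIPT "/usr/local/bin/cdeject"

    int main(int argc, char *const argv[])
    {
        /* Check argc first: argv[1] is NULL when no script is named. */
        if (argc > 1 && strcmp(argv[1], SETUID_SCRIPT) == 0) {
            execv(argv[1], argv + 1);
            /* execv() returns only on failure. */
            perror(argv[0]);
        } else {
            fprintf(stderr, "%s is not a known setuid script\n",
                    argc > 1 ? argv[1] : "unspecified-script");
        }
        return EXIT_FAILURE;
    }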
HP-UX 11i Version 3: September 2010 1 Hewlett-Packard Company 1
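Because the tunable affects only executable scripts that carry a set*id bit, it helps to know which files on a system fall into that category before deciding on a value. The following checker is an added example, not part of the HP-UX manual page; the function names are hypothetical, and it assumes a script is recognized by a leading `#!` in the file.

```c
/* Added example: report which of the named files are set*id scripts. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>

/* Pure classifier: 1 if the mode and first bytes describe an executable
 * set*id script, else 0. Assumption: scripts start with "#!". */
int is_setid_script(mode_t mode, const unsigned char *head, size_t n)
{
    if (!S_ISREG(mode))
        return 0;                       /* directories, devices, FIFOs */
    if (!(mode & (S_ISUID | S_ISGID)))
        return 0;                       /* no set*id bit to honor or ignore */
    if (!(mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
        return 0;                       /* not executable by anyone */
    return n >= 2 && head[0] == '#' && head[1] == '!';
}

/* Returns 1 = set*id script, 0 = not one, -1 = could not inspect. */
int check_path(const char *path)
{
    struct stat st;
    unsigned char head[2];
    ssize_t n;
    /* O_NONBLOCK keeps open() from hanging on a FIFO. */
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat() the open descriptor so mode and contents are the same file. */
    if (fstat(fd, &st) != 0) { close(fd); return -1; }
    n = S_ISREG(st.st_mode) ? read(fd, head, sizeof head) : 0;
    close(fd);
    if (n < 0)
        return -1;
    return is_setid_script(st.st_mode, head, (size_t)n);
}

int main(int argc, char *argv[])
{
    int i, found = 0;
    for (i = 1; i < argc; i++) {
        int r = check_path(argv[i]);
        if (r == 1) { printf("set*id script: %s\n", argv[i]); found = 1; }
        else if (r < 0) perror(argv[i]);
    }
    return found;   /* exit status 1 if any set*id script was named */
}
```

Pass it the paths to inspect as arguments; each path that is a set*id script is printed, and the exit status is 1 if any was found.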
