Are setuid shell scripts safe? (Implied by security_bprm_creds_for_exec)
Al Viro
viro at zeniv.linux.org.uk
Thu Dec 4 05:49:15 UTC 2025
On Wed, Dec 03, 2025 at 02:16:29PM +0100, Bernd Edlinger wrote:
> Hmm, yes, that looks like an issue.
>
> I would have expected the security engine to look at bprm->filenanme
> especially in the case, when bprm->interp != bprm->filename,
> and check that it is not a sym-link with write-access for the
> current user and of course also that the bprm->file is not a regular file
> which is writable by the current user, if that is the case I would have expected
> the secuity engine to enforce non-new-privs on a SUID executable somehow.
Check that _what_ is not a symlink? And while we are at it, what do write
permissions to any symlinks have to do with anything whatsoever?
More information about the Linux-security-module-archive
mailing list