SUMMARY: Read permission in scripts

From: alberto@calliope.cccfc.uam.es
Date: Mon Jan 20 2003 - 07:46:38 EST


Dear everyone,

Thank you everybody for your quick answers. I report these below, but
in summary there are 2 solutions:

1) Use some facilities to "change" the execution user or mask the script,
like sudo, dop.

2) Use some c-compiled code that calls the script.

It seems to be impossible to execute without reading.

Thank you again,

Regards,

*****
From: "Nemholt, Jesper Frank" <JesperFrank.Nemholt@hp.com>

Use DOP or SUDO and let the script be owned by another user and without
read permissions for the user executing it.
DOP and SUDO (and SUR) are tools that allow users to execute selected
commands/scripts/programs as another user.

DOP is available on v4.x and v5.x, but only documented and supported on
v5.x. SUDO is the OpenSource alternative to DOP. It's a bigger package
and offers more features, but unlike DOP, it's not supported by HP
(anyway it works fine).

--
Un saludo / Venlig hilsen / Regards
*****
*****
>From tpb@doctor.zk3.dec.com Mon Jan 20 11:26:15 2003
How would that work?  The shells are non-privileged user programs,
if they can't read the script they can't interpret it.  You need to
think about WHY what you are trying to do makes any possible sense;
there is no simple technical solution that will accomplish whatever
you think this will do for you short of writing compiled programs.
And if I'm not mistaken, even they have to be readable by the user
who invokes them, although I may be mistaken.
Tom
*****
*****
>From stan@temple.edu Mon Jan 20 11:26:17 2003
I am not positive about this, but I think you might be able to achieve
this if you install the ACL feature and then set the appropriate ACLs for
the directory and script file. It's a long shot though, but it's worth
looking into.
*****
*****
>From cerberus@aol.net Mon Jan 20 11:26:19 2003
Greetings,
To answer your question, no.  The executing shell needs to be able to read
the code inside the script.  It must be readable for it to function.  If
you want the code to be executable only, re-write it in C (the only
solution we were able to come up with for *exactly* the same problem).
Good luck,
-dave
*****
*****
>From BREWERE@OD.NIH.GOV Mon Jan 20 11:26:21 2003
Alberto,
You could use sudo to allow scripts or commands to run but not allow the
user to view the contents.  You have to be careful in how you set up your
sudoers file.
Lee Brewer
*****
*****
>From KeithTexel@eversheds.com Mon Jan 20 11:26:23 2003
chmod 111 <filename> will give us execute permissions on the file.
K
*****
*****
>From ForgetS@DFO-MPO.GC.CA Mon Jan 20 11:26:25 2003
Buenos dias Alberto.
Have you thought of the "sticky bit"?  This allows execution without giving
full privileges.
Like this:
# chmod 4755 your_script_filename
#  ls -l your_script_filename
-rwsr-xr-x   1 root     system   2007040 Oct 30 10:54 your_script_filename*
Note the "s" above.
Hope this helps.
   Serge Forget
*****
*****
>From farrell@pangea.Stanford.EDU Mon Jan 20 11:26:30 2003
Hi Alberto,
Here's a workaround.
Put the real script in another directory, with no read or execute
access to the world, but with both read and execute access to a
group that you create.
Make a tiny C program that simply calls this script.  Make that
C program setgid to the group that has access to the real script.
Your user runs the C program, which is compiled, and anyway has
no information of interest in it.  That program runs the real
script, which the user cannot see on his own.
I've appended a small C program that I wrote that will do the job,
named "callscript".  I tested this on my Tru64 UNIX system v4.0g.
-Phil Farrell
----------cut here for callscript program-------------
/*
	callscript
	P. Farrell Jan 17, 2003
	Simply execute the script or command (with optional arguments)
passed as argument(s).  Use this to "hide" the contents of a script.
Make the script with no world read or execute access.  Put the script
and this program into the same UNIX group.  Make this program setgid.
When this program runs, it changes to the desired group and is then
able to run the script.  Make sure the user's path includes the
directories where this program and the called script reside.
Example:
	callscript myscript myargs
	This program based on routines described in Kernighan, Brian W.,
and Pike, Rob, "The UNIX Programming Environment", Prentice Hall, 1984
	Compile with:  cc -o callscript callscript.c
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
char *progname;
void error(const char *s1, const char *s2);
int main(int argc, char *argv[])
{
	progname = argv[0];
/*
Check that we got a command to execute as argument(s)
*/
	if (argc < 2)
		error("Usage: %s command-to-run [command-arguments]",progname);
/*
simply pass arguments along to execvp, which overlays that
program in place of this one.  Error message if can't run
*/
	else {
		execvp(argv[1], &argv[1]);
/* only get here if execvp can't run */
		error("can't execute %s", argv[1]);
	}
	return 1;	/* not reached: error() exits */
}	/* end of main */
void error(const char *s1, const char *s2)	/* print error message and die */
{
	if (progname)
		fprintf(stderr, "%s: ", progname);
	fprintf(stderr, s1, s2);
/* strerror replaces the old sys_errlist/sys_nerr lookup */
	if (errno > 0)
		fprintf(stderr, " (%s)", strerror(errno));
	fprintf(stderr, "\n");
	exit(1);
}	/* end of error function */
*****
*****
>From belonis@dirac.phys.washington.edu Mon Jan 20 11:26:32 2003
public-domain program sudo
protect the script, but require people to run it via sudo which
temporarily gives people root privileges or at least user privileges
for the script.
Alternatively replace the script with a script that runs the desired script
via sudo so no user behaviour changes are required.
Jim Belonis
*****
*****
>From merlin@alek.if.uj.edu.pl Mon Jan 20 11:26:34 2003
 you can use the following solution in that problem.
suppose the script is in the location:
"/path/to/script"
 change the owner of the script:
`chown user1.group1 /path/to/script`
 change the permissions of script:
`chmod 700 /path/to/script`
 remember the id of the user1, you can view it by running
`id user1`
 in the following i will refer to that id by
writing "U1ID".
 now we have to make a small c program:
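#include <unistd.h>
#include <stdlib.h>
int main()
{
 /* U1ID is a placeholder for the numeric id of user1 */
 if (setuid(U1ID) != 0)
  return 1; /* do not run the script if the id change failed */
 system("/path/to/script");
 return 1;
}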
 where U1ID must be numeric value of user1 id.
compile it, by running
`cc -o exec_name sourcefile.c`
 (exec_name is the output file name, and sourcefile.c is
a file where you have saved the above code)
 change the owner of exec_name to root:
`chown root exec_name`
 now add suid to exec_name:
`chmod 4755 exec_name`
 this is of course not very good, you have another +s
program, but this one only does two things, changes the
user id to user1, and as user1 runs the /path/to/script.
if you are careful nothing should go wrong. but
you _should_ consult this solution with someone else.
 and any user by running exec_name will run /path/to/script
as user1. but only user1 will be able to view the /path/to/script.
 greets
pg
*****
*****
>From sainsb_j@chem.usyd.edu.au Mon Jan 20 11:26:37 2003
I think you will need to write a (setgid) wrapper for your scripts
or use sudo
eg
Place all your scripts in a fixed directory
	/usr/opt/apps/libexec
		script1
		script2
		etc
Create a unique group for them eg apps
and make your scripts owned by root (or whoever) group apps
read/execute by the owner/group only.
eg
	chown root:apps script1 script2 etc
	chmod 550 script1 script2 etc
Create a C wrapper that execs the scripts
eg roughly
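	#include <stdlib.h>
	#include <unistd.h>
	int main (int argc, char* argv[]) {
		/* fixed absolute path: the caller only supplies arguments */
		execv ( "/usr/opt/apps/libexec/script1", argv);
		/* only reached if execv failed */
		exit (EXIT_FAILURE);
	}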
(see the usenet secure programming faq for details for doing this properly.)
and make the binary setgid apps and place it on the path of your users.
*****
__________________________________________________________________
Alberto Luna                        administrador.ccc@uam.es
Centro de Computacion Cientifica.   Phone : +34   91 397 41 16
Universidad Autonoma de Madrid.     Fax   : +34   91 397 43 93
28049 - MADRID
SPAIN
__________________________________________________________________
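
A hardened form of the setgid wrapper approach described in the replies above, as an added example that is not code from any of the posters: it pins the target to one compiled-in absolute path, checks the script's permissions before running it, and passes a fixed environment, so the caller controls only the script's arguments. The path reuses the /usr/opt/apps/libexec/script1 layout from the last reply; the function name script_is_safe and the PATH value are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Assumption: the one script this wrapper may run, as an absolute path
   fixed at compile time; it is never taken from argv or found via PATH. */
#define SCRIPT_PATH "/usr/opt/apps/libexec/script1"

/* Fixed environment for the script; nothing is inherited from the caller. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };

/* Return 0 if path is acceptable for a setgid wrapper to exec, else -1:
   absolute, a regular file, no access for "other", not group-writable. */
int script_is_safe(const char *path)
{
	struct stat st;

	if (path == NULL || path[0] != '/' || stat(path, &st) != 0)
		return -1;
	if (!S_ISREG(st.st_mode))
		return -1;
	if (st.st_mode & (S_IRWXO | S_IWGRP))
		return -1;
	return 0;
}

int main(int argc, char *argv[])
{
	if (argc < 1 || script_is_safe(SCRIPT_PATH) != 0) {
		fprintf(stderr, "wrapper: refusing to run %s\n", SCRIPT_PATH);
		return EXIT_FAILURE;
	}
	argv[0] = SCRIPT_PATH;	/* only the arguments come from the caller */
	execve(SCRIPT_PATH, argv, clean_env);
	/* only reached if execve failed */
	fprintf(stderr, "wrapper: can't execute %s (%s)\n",
		SCRIPT_PATH, strerror(errno));
	return EXIT_FAILURE;
}
```

Some shells (bash without -p, for example) reset the effective group id to the real one at startup, so the script's interpreter line has to account for that.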


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:49:04 EDT