Privileged Mode
The one way to protect against Trojan horses is privileged mode. This is a set -o option (set -o privileged or set -p).
In privileged mode, when an suid bash shell script is invoked, the shell does not run the user's environment file—i.e., it doesn't expand the user's BASH_ENV environment variable.
Since privileged mode is an option, it is possible to turn it off with the command set +o privileged (or set +p). But this doesn't help the potential system cracker: the shell automatically changes its effective user ID to be the same as the real user ID—i.e., if you turn off privileged mode, you also turn off suid.
Privileged mode is an excellent security feature; it solves a problem that originated when the environment file idea first appeared in the C shell.
Nevertheless, we still strongly recommend against creating suid shell scripts. We have shown how bash protects against break-ins in one particular situation, but that certainly does not imply that bash is "safe" in any absolute sense. If you really must have suid scripts, you should carefully consider all relevant security issues.
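A check that follows from this recommendation, added here as an example and not taken from the original text: the function below lists set-user-ID files under a directory whose "#!" line names a shell, and notes whether that line passes -p. The function name, the list of shell names, and the output format are assumptions of the example.

```shell
#!/bin/sh
# Added example: report set-user-ID files whose "#!" line names a shell,
# and whether that line passes -p (privileged mode, as described for bash).
# Limitation: file names containing newlines are not handled.

audit_suid_scripts() (
    set -f                                   # no globbing when splitting words
    # -perm -4000 selects files with the set-user-ID bit set.
    find "$1" -type f -perm -4000 2>/dev/null |
    while IFS= read -r file; do
        # Skip anything that does not start with "#!" (compiled binaries).
        [ "$(head -c 2 "$file" 2>/dev/null)" = '#!' ] || continue
        IFS= read -r line < "$file" || true  # first line may lack a newline
        set -- ${line#??}                    # drop "#!", split into words
        [ $# -gt 0 ] || continue
        interp=${1##*/}; shift
        # "#!/usr/bin/env bash": the real interpreter is the next word.
        if [ "$interp" = env ] && [ $# -gt 0 ]; then
            interp=${1##*/}; shift
        fi
        case $interp in
            sh|bash|dash|ksh|zsh|csh|tcsh) ;;   # assumed list of shell names
            *) continue ;;
        esac
        mode='no -p'
        for word in "$@"; do
            case $word in
                --*) ;;                      # long options such as --posix
                -*p*) mode='-p' ;;           # -p alone or clustered (-ep)
            esac
        done
        printf '%s\t%s\t%s\n' "$file" "$interp" "$mode"
    done
)

# Stand-alone use: pass the directory to audit as the first argument.
[ $# -eq 0 ] || audit_suid_scripts "$1"
```

Each output line is the file path, the interpreter name, and either "-p" or "no -p", separated by tabs.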
Finally, if you would like to learn more about UNIX security, we recommend Practical UNIX and Internet Security, by Gene Spafford and Simson Garfinkel (O'Reilly).
[11] This feature is not documented in the manual pages for old versions of bash.
[12] If this option has been included when the shell was compiled. See Chapter 11 for details on configuring bash.
[13] In fact, most versions of UNIX intentionally disable the suid feature for shell scripts.