1

When searching for how to drop root permissions in shell scripts, I often see answers using su. However, when you're done using su you can just type logout and be back at the shell of the original user. I have a bash script running as root, and I do this at the end: 

exec su -c "external_com" - muser

This results in the following process tree: 

  PID USER      PRI  NI  VIRT   RES   SHR S CPU% MEM%   TIME+  Command
    1 root       20   0 37352  2500  2192 S  0.0  0.0  0:00.02 su -c external_com
    5 muser      20   0 85548  6292  5156 S  0.0  0.0  0:00.47 └─ external_com
   13 muser      20   0 85548  6292  5156 S  0.0  0.0  0:00.35    ├─ external_com
   12 muser      20   0 85548  6292  5156 S  0.0  0.0  0:00.02    ├─ external_com

I cannot control external_com, and it doesn't call setuid internally. It presents a web interface that's public to the world. If someone somehow gets a console through a security hole in the web interface, could they just call logout and be a root user?

EDIT: If I'm reading correctly, a better approach is to just run the script as muser and allow muser to sudo the few commands it needs. I'd still like an answer to this question though, as it's valuable information to know :)

Hamy
  • 367
  • 3
  • 11

1 Answers1

0

No, that is not a thing to be concerned about.

If someone obtained a shell as a result of a security hole in external_com, then all they could do is run commands as muser. If they exited that shell (with logout), then that's the end of that shell process; they don't end up back as root. When external_com ends, the process/script that started it will exit (because you did an 'exec')

Craig Miskell
  • 4,216
  • 1
  • 16
  • 16
  • Just a comment, unrelated to the security-related nature of the question. You should rather use "runuser" for this purpose rather than "su". – Florin Asăvoaie Mar 07 '15 at 09:46