running a background bash script as root. dangerous?

Hi, I've made a bash shell script that may need to be run as root
(sometimes). The script will be run as cron job (and could be running
for hours when launched). I would like to know if it can be a security
issue to run a shell script as root? And what solution could I use if
it needs root previleges.

I know that a perl script would be more safe, but I wanted to make a
shell script.

Thanks in advance

someone92@hotmail.com writes:

>Hi, I've made a bash shell script that may need to be run as root
>(sometimes). The script will be run as cron job (and could be running
>for hours when launched). I would like to know if it can be a security
>issue to run a shell script as root? And what solution could I use if
>it needs root previleges.

It should be fine. No different than running the program as root from the
console.

What is dangerous ( and bash will not let you do) is run a shell script as
suid root.

>I know that a perl script would be more safe, but I wanted to make a
>shell script.

No difference in safety.

>Thanks in advance

On 31 Dec 2005 15:17:56 -0800, someone92@hotmail.com wrote:

>Hi, I've made a bash shell script that may need to be run as root
>(sometimes). The script will be run as cron job (and could be running
>for hours when launched). I would like to know if it can be a security
>issue to run a shell script as root? And what solution could I use if
>it needs root previleges.
>
>I know that a perl script would be more safe, but I wanted to make a
>shell script.

Huh? Why would perl be any safer than shell script?

I made a bash script to run as a cron job as root 'cos it must access
/var/log/messages, I feel secure ;-) I don't even mind sharing it:
http://bugsplatter.mine.nu/bash/junk/junkdata.html

Show us the script, perhaps we can tell you something? With no idea
what you are trying to achieve, what sort of information you after?

Grant.
And here 'tis already next year ;)

Unruh wrote:
> someone92@hotmail.com writes:
>
>
>>Hi, I've made a bash shell script that may need to be run as root
>>(sometimes). The script will be run as cron job (and could be running
>>for hours when launched). I would like to know if it can be a security
>>issue to run a shell script as root?

You would, obvioiusly, need to ensure that no-one other than
root could write to the script or any commands it contained.

Unruh <unruh-spam@physics.ubc.ca> (05-12-31 23:39:53):

> someone92@hotmail.com writes:
>
> >Hi, I've made a bash shell script that may need to be run as root
> >(sometimes). The script will be run as cron job (and could be running
> >for hours when launched). I would like to know if it can be a
> >security issue to run a shell script as root? And what solution could
> >I use if it needs root previleges.
>
> It should be fine. No different than running the program as root from
> the console.

Some minor differences. Bash is running with a different configuration
for non-interactive shells (i.e. scripts).


> What is dangerous ( and bash will not let you do) is run a shell
> script as suid root.

It's not Bash, which doesn't let you; it's Linux. The SetUID bit on
non-binaries (scripts) has no effect. Hence you also cannot SUID a Perl
script to root. I don't know how it's handled, if the binary
(e.g. /bin/bash) is itself SUID to root, though.


> >I know that a perl script would be more safe, but I wanted to make a
> >shell script.
>
> No difference in safety.

It's easier to make mistakes in a shell script. Even though the Perl
syntax is horrible, the shell's syntax is even worse.

Regards.