3.3.1 questions & complaints
Thomas Mitchell
mitch at sgi.com
Tue Oct 23 09:34:56 AEST 1990
In article <1990Sep27.192121.18059 at odin.corp.sgi.com> jweldon at sgi.com (Jack P. Weldon) writes:
* In article <1990Sep26.174852.1344 at ux1.cso.uiuc.edu> wsherman at newton.ncsa.uiuc.edu (William Sherman -Visualization) writes:
* >I'll ask the question before I lose my audience. With the new method
*
* > [X startup question deleted--sorry]
*
* >Okay, my first complaint is about something I'm sure SGI considers
* >a "feature." I have some shell scripts
^SUID
*
* In 3.3, there is a flag to allow suid shell scripts which is shipped
* "off" for security reasons. Edit /usr/sysgen/master.d/kernel and change
* the line "int nosuidshells = 1;" to 0. Then run /etc/init.d/autoconfig
* and reboot (or use lboot if you wish--both build a kernel). Needless to
* say you must be root to do this...And YES, it *is* a feature, not a bug.

Better to write a 'c' program and make it SUID. It can
(should) be very simple. Just issue a "system()" call to do
exactly what you wish, no more, no less. Do read the book
"UNIX System Security" by Patrick H. Wood and Stephen G. Kochan,
Hayden Book Company, ISBN 0-8104-6267-2.

The program can have an access list, keep track of who, what,
when, what is mounted, etc.

Of course, if you are the only user and not on a network,
turn the bit off in the kernel as above. Shell scripts
are much shorter than 'c' programs.

Compare:

    #!/bin/sh
    echo '\0220'1.y$1'\0234'

with the size of a 'c' program to set the title bar of a
'wsh' window.

--
Thomas P. Mitchell -- mitch at sgi.com or mitch%relay.csd at sgi.com
"All things in moderation; including moderation."
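
Added example (not part of the original post and not code from either poster): a sketch of the small SUID C wrapper suggested above, with access list and logging. It swaps system() for fork/execve on a fixed absolute path with a fixed environment, so no shell interprets the caller's PATH or IFS. The access list, target path and syslog tag are constructed placeholders.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <syslog.h>
#include <unistd.h>

static const uid_t ALLOWED[] = { 0, 1001 };               /* constructed */
static const char TARGET[] = "/usr/local/sbin/site-task"; /* hypothetical */
/* Fixed environment: the caller's PATH, IFS and LD_* are not inherited. */
static char *const CLEAN_ENV[] = { "PATH=/bin:/usr/bin", NULL };

/* Return 1 if uid is on the access list, 0 otherwise. */
int uid_allowed(uid_t uid)
{
    size_t i;
    for (i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++)
        if (ALLOWED[i] == uid)
            return 1;
    return 0;
}

/* Exec one absolute path with a fixed argv and CLEAN_ENV; no shell parses
 * caller input. Returns the child's exit status, or -1 on failure. */
int run_fixed(const char *path, char *const argv[])
{
    int status; pid_t pid;
    if (path[0] != '/')
        return -1;                 /* never search PATH */
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, CLEAN_ENV);
        _exit(127);                /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char *const argv[] = { "site-task", NULL }; /* caller's argv is ignored */
    uid_t who = getuid();                       /* real uid, not effective */
    openlog("suidwrap", LOG_PID, LOG_AUTH);
    if (!uid_allowed(who)) {
        syslog(LOG_WARNING, "denied uid %ld", (long)who);
        return 1;
    }
    syslog(LOG_NOTICE, "uid %ld runs %s", (long)who, TARGET);
    return run_fixed(TARGET, argv) == 0 ? 0 : 1;
}
```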