setuid shell scripts (was: Re: Running processes as root)
Bevis Ip
ip at me.utoronto.ca
Thu Oct 26 10:08:57 AEST 1989
>>Yeah, one must use the #! mechanism; SO WHAT!? I never denied that!
>>And I showed how safe setuid scripts (NOTE: Chris didn't even say *shell*
>>scripts) could be created. You want an example? Right, put the following
>>in a file /etc/fubar:
>>
>> #!/bin/sh /etc/fubar
>> echo "Am I right or am I right?"
>>
>>You're a pretty smart fellow if you can break this one (or you're root).
>
Sigh... on some systems (SGI, for example), your script will never get
parsed after the first character. There are more than just the
kernel which make setuid script insecure...
bevis
--
Bevis Ip <> ip at me.toronto.edu, ip at me.utoronto.ca
University of Toronto <> {pyramid,uunet}!utai!me!ip
Mechanical Engineering <> {allegra,decwrl}!utcsri!me!ip
More information about the Comp.unix.questions
mailing list