Changing GID inside csh script

Tom Christiansen tchrist at convex.COM
Thu May 16 22:41:27 AEST 1991


From the keyboard of weimer at ssd.kodak.com:
:example% chgrp cad <script>
:example% chmod g+s <script>
:
:(assuming <script> is the script that is being run)
:
:This will change the group of the script to 'cad' and then set the group
:id on execution.

Because if it works as you want it to work (and won't on all systems),
then it will in all likelihood also allow anyone who cares to bother to
execute any arbitrary command as group cad, including:

    cp /bin/sh /tmp/cad
    chmod g+s /tmp/cad

Perhaps this doesn't bother you.  It would bother me.

Why should this be, you ask?  Because this is one of those lurking
security holes that few vendors if any have ever bothered to fix or to
tell their customers about.  On most systems that support them, a suid
script allows you to execute arbitrary commands under that uid, and a g+s
script does the same for that gid.  Never have such on your system
unless you can prove that you don't have the bug: inspection of the 
kernel code for execve() is usually enough to tell.  If your system
doesn't have /dev/fd's, I doubt whether it's fixed.

--tom
--
Tom Christiansen		tchrist at convex.com	convex!tchrist
		"So much mail, so little time." 



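An added example, not part of the original post: a POSIX shell audit that lists setuid or setgid files whose first two bytes are `#!`, the kind of file the post says never to keep on a system unless the kernel is known to be fixed. The function name `find_sgid_scripts` and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list setuid/setgid files that are interpreter scripts.

# find_sgid_scripts DIR
# Prints one path per line for every regular file under DIR that has the
# setuid (4000) or setgid (2000) bit set and whose first two bytes are "#!".
# Errors from unreadable directories are discarded; run with enough
# privilege to see the whole tree.
find_sgid_scripts() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec sh -c '
        for f do
            # Read only the two-byte magic so large binaries are cheap to skip.
            magic=$(dd if="$f" bs=2 count=1 2>/dev/null)
            [ "$magic" = "#!" ] && printf "%s\n" "$f"
        done
        exit 0' sh {} + 2>/dev/null
}

# Constructed demo tree: one g+s script (as in the quoted chgrp/chmod advice),
# one ordinary script, and one setuid file that is not a script.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/csh\necho hello\n' > "$d/gscript";   chmod 2755 "$d/gscript"
    printf '#!/bin/sh\necho hello\n'  > "$d/plain";     chmod 0755 "$d/plain"
    printf 'ELFish\n'                 > "$d/notscript"; chmod 4755 "$d/notscript"
    find_sgid_scripts "$d"
    rm -rf "$d"
}
demo
```

Point `find_sgid_scripts` at each local filesystem root in turn; `-xdev` keeps it from crossing mount points.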