ksh executing a file without read permission
Conor P. Cahill
cpcahil at virtech.uucp
Fri Dec 8 06:40:00 AEST 1989
In article <5516 at hplabsb.HP.COM>, quan at hplabsb.HP.COM (Suu Quan) writes:
> Ksh question:
>
> In "The KORN shell Command and Programming language", by Bolsky & Korn,
> Part I INTRODUCTION, page 6.
>
> "BETTER SECURITY. Ksh allows a system administrator to log and/or
> disable all privileged scripts. On current UNIX systems, users need
> read permission to execute a script. With ksh, a system administrator
> can allow ksh to read and execute a script without giving a user
> permission to read it"
>
> Exactly what I want : have a file with permissions --x--x--x
> and have everyone execute it without being able to read it.
>
> How do you do it ?
The manual is talking about "privileged scripts", otherwise known as setuid
scripts. When ksh is invoked to run a script file that has setuid bits set,
it invokes a setuid-root program which will then set its effective ids as
is appropriate. Since this is a setuid root program, it can
read any file on the system regardless of the modes of said file.
Note that only the special program to set uids can read whatever file, not
the script itself.
--
+-----------------------------------------------------------------------+
| Conor P. Cahill uunet!virtech!cpcahil 703-430-9247 !
| Virtual Technologies Inc., P. O. Box 876, Sterling, VA 22170 |
+-----------------------------------------------------------------------+
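
The mechanism described in the reply above, as an added C sketch (not part of the original post and not ksh's own helper code): a setuid-root launcher opens the script, decides the effective ids from the file's set-id bits, drops root, and only then hands the open descriptor to the shell. The names `choose_ids` and `may_execute`, the `/bin/ksh` path and the use of `/dev/fd/N` are assumptions made for illustration.

```c
/* Added sketch of a setuid-root script launcher; not ksh's own helper code. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

struct ids { uid_t euid; gid_t egid; };

/* Does the invoking user hold execute permission? (Supplementary groups
 * and the root special case are ignored to keep the sketch short.) */
static int may_execute(const struct stat *st, uid_t ruid, gid_t rgid)
{
    if (!S_ISREG(st->st_mode)) return 0;
    if (ruid == st->st_uid) return (st->st_mode & S_IXUSR) != 0;
    if (rgid == st->st_gid) return (st->st_mode & S_IXGRP) != 0;
    return (st->st_mode & S_IXOTH) != 0;
}

/* Effective ids the script should run with: the file's owner/group only
 * where the matching set-id bit is set, otherwise the caller's own ids.
 * Returns 0 on success, -1 if the caller may not execute the file. */
int choose_ids(const struct stat *st, uid_t ruid, gid_t rgid, struct ids *out)
{
    if (!may_execute(st, ruid, rgid)) return -1;
    out->euid = (st->st_mode & S_ISUID) ? st->st_uid : ruid;
    out->egid = (st->st_mode & S_ISGID) ? st->st_gid : rgid;
    return 0;
}

int main(int argc, char **argv)
{
    struct stat st; struct ids id; char fdpath[32];
    if (argc < 2) return 2;
    /* As a setuid-root binary this open succeeds whatever the file modes. */
    int fd = open(argv[1], O_RDONLY);
    /* fstat the descriptor, not the path, so the file checked is the file read. */
    if (fd < 0 || fstat(fd, &st) < 0) return 1;
    if (choose_ids(&st, getuid(), getgid(), &id) < 0) return 1;
    /* Drop root before any script text is interpreted: group first, then user. */
    if (setregid(getgid(), id.egid) < 0 || setreuid(getuid(), id.euid) < 0) return 1;
    snprintf(fdpath, sizeof fdpath, "/dev/fd/%d", fd);  /* assumes /dev/fd exists */
    execl("/bin/ksh", "ksh", fdpath, (char *)NULL);     /* assumed shell path */
    return 1;
}
```

With a plain `--x--x--x` script (no set-id bits) `choose_ids` returns the caller's own ids, so the shell reads the text through the inherited descriptor without gaining any privilege.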