Re: Suid Shell Scripts

From: Helge Hafting (helgehaf@idb.hist.no)
Date: Thu Jan 20 2000 - 09:58:26 EST


> what is the downside to allowing suid/guid ONLY to a **non root/privileged
> user/group** for shell scripts?

Exactly the same downside as with suid/guid to root shell scripts:

An exploit is possible where someone can gain that userid
running something other than the shell script. Such
as a generic shell.

If you need this - use the trivial workaround:

A short C program that runs that particular shell script, and passes
parameters on to it. Compile it and make it setuid.
There should be some safety checks in that program, such as verifying
the script.

Helge Hafting
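
An added example, not part of the original message: one way the wrapper described above could be written, with the script check done on an open file descriptor so the file that is verified is the file the shell reads. SCRIPT, SCRIPT_OWNER and verify_script are hypothetical names, and the code assumes a Linux system with /dev/fd.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define SCRIPT       "/usr/local/libexec/report.sh"  /* hypothetical path */
#define SCRIPT_OWNER 0                               /* assumed: owned by root */

/* Open the script without following a symlink and check the opened inode:
 * regular file, expected owner, not writable by group or others.
 * Returns an open descriptor on success, -1 if any check fails. */
int verify_script(const char *path, uid_t owner) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv) {
    int fd = verify_script(SCRIPT, SCRIPT_OWNER);
    if (fd < 0) {
        fprintf(stderr, "wrapper: refusing to run %s\n", SCRIPT);
        return 1;
    }
    /* Make the real ids match the effective ones; several shells drop
     * the setuid/setgid identity when they differ. */
    if (setregid(getegid(), getegid()) || setreuid(geteuid(), geteuid()))
        return 1;
    char fdpath[32];
    snprintf(fdpath, sizeof fdpath, "/dev/fd/%d", fd);
    /* argv for the shell: "sh", the verified descriptor, caller's parameters. */
    char **av = calloc((size_t)argc + 2, sizeof *av);
    if (!av) return 1;
    av[0] = "sh";
    av[1] = fdpath;
    for (int i = 1; i < argc; i++) av[i + 1] = argv[i];
    /* Fixed environment: nothing inherited from the calling user. */
    char *envp[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };
    execve("/bin/sh", av, envp);
    return 127;  /* reached only if execve failed */
}
```

The wrapper binary, not the script, carries the setuid bit; the script itself stays a plain file owned by SCRIPT_OWNER.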




This archive was generated by hypermail 2b29 : Sun Jan 23 2000 - 21:00:23 EST