Re: Executable shell scripts
From: Mark Rosenstand
Date: Sat May 13 2006 - 07:44:46 EST
Bernd Petrovitsch <bernd@xxxxxxxxx> wrote:
> On Sat, 2006-05-13 at 13:03 +0200, Mark Rosenstand wrote:
> [...]
> > A more useful case is when you setuid the script (and no, this doesn't
> > need to be running as root and/or executable by all.)
>
> Apart from the permission bug: This has been purposely disabled since it
> is way to easy to write exploitable shell or other scripts.
> Use a real programming languages, sudo or a trivial wrapper in C ....
It isn't a bug on systems that support executable shell scripts.
Doing security policy based on programming language seems weird at
best, especially when the only user able to make those decisions is the
superuser.
Obviously the security-unaware people over at the OpenBSD camp must be
completely clueless when they don't disallow the superuser to do this.
I'm looking forward to the day where I'm no longer allowed to make
changes to /etc/ld.so.conf because it's a system file.
Anyway, is it possible to enable this functionality?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/