Re: Executable shell scripts
From: Mark Rosenstand
Date: Sat May 13 2006 - 08:23:44 EST
(Cutting Arjan off the CC list, he's been bugged enough for his attempt
to help.)
Bernd Petrovitsch <bernd@xxxxxxxxx> wrote:
> On Sat, 2006-05-13 at 13:45 +0200, Mark Rosenstand wrote:
> > Bernd Petrovitsch <bernd@xxxxxxxxx> wrote:
> > > On Sat, 2006-05-13 at 13:03 +0200, Mark Rosenstand wrote:
> > > [...]
> > > > A more useful case is when you setuid the script (and no, this doesn't
> > > > need to be running as root and/or executable by all.)
> > >
> > > Apart from the permission bug: This has been purposely disabled since it
> > > is way to easy to write exploitable shell or other scripts.
> > > Use a real programming languages, sudo or a trivial wrapper in C ....
> s/languages/language/
>
> And I forgot to mention that a kernel patch is another possibility.
I'm too stupid to provide such myself, but I'd sure enable the Kconfig
option if it was there :)
> > It isn't a bug on systems that support executable shell scripts.
>
> I never wrote that (or anything which implies that directly).
I was commenting on the "Apart from the permission bug" part.
> > Doing security policy based on programming language seems weird at
> > best, especially when the only user able to make those decisions is the
> > superuser.
>
> It boils down to "how easy is it for root to shoot in the foot"?
> And the workarounds are somewhere between trivial and simple.
Or "dare we handle root a gun, it's a powerful weapon but can be used
to shoot at feet." It's obvious what the answer have been for that in
other operating systems, and probably one of the reasons we're here.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/