Re: /proc/<pid>/mem unreadable

Miquel van Smoorenburg (miquels@q.cistron.nl)
21 May 1996 17:46:47 +0200


In article <199605071736.NAA11067@krakatoa.ccs.neu.edu>,
Albert Cahalan <albert@ccs.neu.edu> wrote:
>> > What about suid scripts?
>> >
>> suid scripts are not allowed, the setuid bit is ignored for scripts.
>
>Of course, because that is an easy way to plug a security hole.
>
>I was thinking that it would be good to add all the checks to
>let suid scripts run in a secure manner. I think it would involve

You can easily do this in user space, with a suid root program called
for example /sbin/suidexec. I have written such a thingy. Perl does
it in the same way (suidperl). Just start your script with "#!/bin/suidexec"
et voila.

Mike.

-- 
  Miquel van    | Cistron Internet Services   --    Alphen aan den Rijn.
  Smoorenburg,  | mailto:info@cistron.nl          http://www.cistron.nl/
miquels@het.net | Tel: +31-172-419445 (Voice) 430979 (Fax) 442580 (Data)