Suid Shell Scripts
Helge Hafting
helgehaf en idb.hist.no
Jue Ene 20 22:44:11 CST 2000
> what is the downside to allowing suid/guid ONLY to a **non root/privileged
> user/group** for shell scripts?
Exactly the same downside as with suid/guid to root shell scripts:
An exploit is possible where someone can gain that userid
running something other than the shell script. Such
as a generic shell.
If you need this - use the trivial workaround:
A short c program that runs that particular shell script, and passes
parameters on to it. compile it and make it setuid.
There should be some safety checks in that program, such as verifying
the script.
Helge Hafting
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo en vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
Más información sobre la lista de distribución Ayuda