
Re: setgid-wrapper



Somehow I managed to miss Bob's and Mike's emails on this subject.  I
rather wish that I *had* seen it before I spent 16 hours coding up the
wrapper ;)  Still, I don't think my time was wasted; I learned quite a
lot and I think that I have something that can still be salvaged.  Still
"salvage" seems to describe what is needed.

My understanding of the position of Bob and Mike can be summed up as,
"in general, shell scripts can't be made to use setuid/setgid
securely".  Basically, the problem comes down to the fact that a user can
manipulate their PATH to redefine basic commands that are used by the
shell scripts (like "ls") in order to elevate their privileges.

I'm not willing to give up on the basic idea yet, however, as I still
need to run a Java program setgid to "games" to handle a score history
file.  Similarly, I hope to one day run a Java application server (e.g.
Tomcat, JBoss, or Geronimo) setuid to some system id.  Therefore I
humbly request your comments on how to salvage this idea.  Please keep
in mind that "/usr/bin/java" is, itself, almost certainly a script.  

I'll gladly send the package and source to anyone wishing to review my
work.  I'm not quite ready to have it uploaded to the Debian project
(not even Experimental) yet, however.  If you don't mind, I'd like more
agreement on the basic concepts first.

-- 
James Damour (Suvarov454) <suvarov454@users.sourceforge.net>

Attachment: signature.asc
Description: This is a digitally signed message part
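The PATH problem raised in the message above is the standard argument against setuid/setgid scripts, and the usual mitigation is the one the poster is after: a small compiled wrapper that discards the caller's environment and executes the interpreter by absolute path. The following C program is an added example written for this thread, not code from the poster's package; SAFE_PATH, TARGET_INTERP, TARGET_SCRIPT and the allow list of pass-through variables are assumptions chosen for illustration. The wrapper keeps only allow-listed variables (dropping PATH, IFS, LD_* and the JVM's option variables), pins PATH to a fixed value, sets the real gid to match the effective one, and then execve()s a fixed absolute interpreter path.

```c
/* Added example: a minimal setgid wrapper that sanitises the environment
 * before executing a fixed interpreter.  The interpreter path, script
 * path, safe PATH and allow list below are assumptions for illustration. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

#define SAFE_PATH     "PATH=/usr/bin:/bin"          /* assumed fixed PATH */
#define TARGET_INTERP "/usr/bin/java"               /* assumed; absolute path only */
#define TARGET_SCRIPT "/usr/share/games/scores.jar" /* assumed */

/* Only these "NAME=" prefixes survive from the caller's environment.
 * PATH, IFS, LD_*, JAVA_TOOL_OPTIONS, _JAVA_OPTIONS, etc. are all dropped. */
static const char *const allowed_prefixes[] = { "HOME=", "LANG=", "TERM=", "USER=" };

/* Return 1 if a "NAME=value" entry is on the allow list, 0 otherwise. */
int env_var_allowed(const char *entry) {
    for (size_t i = 0; i < sizeof allowed_prefixes / sizeof allowed_prefixes[0]; i++)
        if (strncmp(entry, allowed_prefixes[i], strlen(allowed_prefixes[i])) == 0)
            return 1;
    return 0;
}

/* Build a fresh, NULL-terminated environment: a hard-coded PATH first,
 * then allow-listed entries copied from caller_env in their original order.
 * Returns NULL on allocation failure; free with free_env(). */
char **build_safe_env(char *const *caller_env) {
    size_t n = 0;
    for (char *const *p = caller_env; p && *p; p++) n++;
    char **out = calloc(n + 2, sizeof *out); /* +1 for PATH, +1 terminator */
    if (!out) return NULL;
    size_t k = 0;
    out[k++] = strdup(SAFE_PATH);
    for (char *const *p = caller_env; p && *p; p++)
        if (env_var_allowed(*p))
            out[k++] = strdup(*p);
    out[k] = NULL;
    return out;
}

void free_env(char **env) {
    if (!env) return;
    for (char **p = env; *p; p++) free(*p);
    free(env);
}

/* The wrapper binary itself is installed setgid (e.g. to "games"); the
 * kernel honours that bit on a compiled binary, unlike on a script. */
int main(int argc, char **argv, char **envp) {
    (void)argc; (void)argv;
    /* Make the real gid match the effective gid so the child cannot
     * simply drop back to the caller's group and keep running. */
    gid_t g = getegid();
    if (setregid(g, g) != 0) { perror("setregid"); return 1; }

    char **env = build_safe_env(envp);
    if (!env) { perror("calloc"); return 1; }

    /* Fixed argv: the caller gets no say in what is executed or how. */
    char *const args[] = { TARGET_INTERP, "-jar", TARGET_SCRIPT, NULL };
    execve(TARGET_INTERP, args, env);
    perror("execve"); /* only reached on failure */
    free_env(env);
    return 1;
}
```

Because the interpreter is invoked by absolute path with a sanitised environment, the PATH that /usr/bin/java (itself a script, as the poster notes) sees when it looks up its own helpers is the wrapper's fixed one rather than the caller's. The allow list is deliberately short; anything an interpreter or JVM reads at startup should stay off it unless its effect has been checked.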

