
Re: setgid-wrapper

On Wed, May 19, 2004 at 07:53:46AM -0400, James Damour wrote:
> On Tue, 2004-05-18 at 09:03, Steven Augart wrote:
> > As you probably know, when a shell sees that it is running a setuid or 
> > setgid shell script, it detects this because the euid and ruid or egid 
> > and rgid are different.  It "fixes" this by setting the euid to be the 
> > same as the ruid, and/or egid the same as the rgid, effectively 
> > turning off the setuid/setgid bit.

Huh? This is wrong. It is the kernel that refuses to set the UID or GID
on execution of setuid/gid shell scripts.

Where did you read that?

> Actually, I didn't know that.  Thanks for the info!

Well, it's false. The shell doesn't do anything special with it.

> > But, if the egid and rgid are the same, then the shell script leaves 
> > them alone.  (Indeed, unless it's running as root, it has to leave 
> > them alone -- it does not have permission to do anything else.)

The shell never does anything with them.


Jeroen van Wolffelaar
Jeroen@wolffelaar.nl (also for Jabber & MSN; ICQ: 33944357)
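
An added example, not part of the original message: a small Python audit that lists regular files carrying the setuid or setgid bit whose first line is a `#!` interpreter line, the kind of script this thread is about. The function names and the sample modes used to exercise it are constructed for illustration.

```python
import os
import stat
import sys

# Mode bits of interest, in the order they are reported.
SETID = (("setuid", stat.S_ISUID), ("setgid", stat.S_ISGID))

def classify(mode, first_line):
    """Return (bits, interpreter) for a set-id '#!' script, else None.

    mode is st_mode from lstat(); first_line is the file's first line as bytes.
    """
    if not stat.S_ISREG(mode):
        return None
    bits = "+".join(name for name, mask in SETID if mode & mask)
    if not bits or not first_line.startswith(b"#!"):
        return None
    words = first_line[2:].decode("utf-8", "replace").split()
    return bits, (words[0] if words else "")

def find_setid_scripts(root):
    """Walk root and return sorted (path, bits, interpreter) tuples."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
                if not (stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID)):
                    continue
                with open(path, "rb") as fh:
                    result = classify(mode, fh.readline(256))
            except OSError:
                continue  # unreadable or vanished file: skip it
            if result:
                hits.append((path,) + result)
    return sorted(hits)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, bits, interp in find_setid_scripts(root):
        print(f"{bits}\t{interp}\t{path}")
```

Run it with a directory argument (for example a `bin` directory) to get one tab-separated line per set-id script found.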
