On Wed, May 19, 2004 at 07:53:46AM -0400, James Damour wrote: > On Tue, 2004-05-18 at 09:03, Steven Augart wrote: > > As you probably know, when a shell sees that it is running a setuid or > > setgid shell script, it detects this because the euid and ruid or egid > > and rgid are different. It "fixes" this by setting the euid to be the > > same as the ruid, and/or egid the same as the rgid, effectively > > turning off the setuid/setgid bit. Huh? This is wrong. It is the kernel who refuses to set the UID or GID on execution of setuid/gid shell scripts. Where did you read that? > Actually, I didn't know that. Thanks for the info! Well, it's false. The shell doesn't do anything special with it. > > But, if the egid and rgid are the same, then the shell script leaves > > them alone. (Indeed, unless it's running as root, it has to leave > > them alone -- it does not have permission to do anything else.) The shell never does anything with them. --Jeroen -- Jeroen van Wolffelaar Jeroen@wolffelaar.nl (also for Jabber & MSN; ICQ: 33944357) http://Jeroen.A-Eskwadraat.nl
Attachment:
pgpeg01r6Pmpt.pgp
Description: PGP signature