[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: setgid-wrapper

Somehow I managed to miss Bob's and Mike's emails on this subject.  I
rather wish that I *had* seen it before I spent 16 hours coding up the
wrapper ;)  Still, I don't think my time was wasted; I learned quite a
lot and I think that I have something that can still be salvaged.  Still
"salvage" seems to describe what is needed.

My understanding of the position of Bob and Mike can be summed up as,
"in general, shell script's can't be made to use setuid/setgid
securely".  Basically, the problem comes down that a user can manipulate
their PATH to redefining basic commands that are used by the shell
scripts (like "ls") in order to elevate their privileges.

I'm not willing to give up on the basic idea yet, however, as I still
need to run a Java program setgid to "games" to handle a score history
file.  Similarly, I hope to one day run a Java application server (e.g.
Tomcat, JBoss, or Geronimo) setuid to some system id.  Therefore I
humbly request your comments on how to salvage this idea.  Please keep
in mind that "/usr/bin/java" is, itself, almost certainly a script.  

I'll gladly send the package and source to anyone wishing to review my
work.  I'm not quite ready to have it uploaded to the Debian project
(not even Experimental) yet, however.  If you don't mind, I'd like more
agreement on the basic concepts first.

James Damour (Suvarov454) <suvarov454@users.sourceforge.net>

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: