[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: setgid-wrapper

On Tue, Jun 01, 2004 at 11:21:23PM -0400, James Damour wrote:

> My understanding of the position of Bob and Mike can be summed up as, "in
> general, shell script's can't be made to use setuid/setgid securely".
> Basically, the problem comes down that a user can manipulate their PATH to
> redefining basic commands that are used by the shell scripts (like "ls")
> in order to elevate their privileges.

It's not impossible, it's just tricky, and the technique you chose has
already been implemented (in sudo).

 - mdz

Reply to: