Re: setgid-wrapper

To: "Grzegorz B. Prokopski" <gadek@debian.org>
Cc: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>, Jeroen van Wolffelaar <jeroen@wolffelaar.nl>, "James Damour (Suvarov454)" <suvarov454@users.sourceforge.net>, Steven Augart <augart@watson.ibm.com>, debian-mentors@lists.debian.org, debian-devel@lists.debian.org
Subject: Re: setgid-wrapper
From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
Date: Thu, 20 May 2004 00:37:24 +0200
Message-id: <[🔎] 87r7tgdowr.fsf@mrvn.homelinux.org>
In-reply-to: <[🔎] 20040519171401.GB23602@gadek.homelinux.org> (Grzegorz B. Prokopski's message of "Wed, 19 May 2004 13:14:02 -0400")
References: <[🔎] 1084278352.2373.35.camel@hovel.lepus.org> <[🔎] 20040511154001.GA27694@gwolf.org> <[🔎] 1084325832.2373.66.camel@hovel.lepus.org> <[🔎] 20040512041200.GA20232@gadek.homelinux.org> <[🔎] 40A90483.8020008@watson.ibm.com> <1084882531.2373.129.camel@hovel.lepus.org> <40AA09A1.8060802@watson.ibm.com> <[🔎] 1084967626.2373.141.camel@hovel.lepus.org> <[🔎] 20040519123330.GD10117@A-Eskwadraat.nl> <[🔎] 877jv8frpb.fsf@mrvn.homelinux.org> <[🔎] 20040519171401.GB23602@gadek.homelinux.org>

"Grzegorz B. Prokopski" <gadek@debian.org> writes:

> On (19/05/04 15:54), Goswin von Brederlow wrote:
>> Jeroen van Wolffelaar <jeroen@wolffelaar.nl> writes:
>> 
>> > On Wed, May 19, 2004 at 07:53:46AM -0400, James Damour wrote:
>> >> On Tue, 2004-05-18 at 09:03, Steven Augart wrote:
>> >> > As you probably know, when a shell sees that it is running a setuid or 
>> >> > setgid shell script, it detects this because the euid and ruid or egid 
>> >> > and rgid are different.  It "fixes" this by setting the euid to be the 
>> >> > same as the ruid, and/or egid the same as the rgid, effectively 
>> >> > turning off the setuid/setgid bit.
>> >
>> > Huh? This is wrong. It is the kernel who refuses to set the UID or GID
>> > on execution of setuid/gid shell scripts.
>> >
>> > Where did you read that?
>> 
>> Could it be you mean bash droping the setuid/setgid bits when it is
>> set setuid/setgid? Thats a bash speciality preventing hackers to
>> setuid/gid bash as so many rootkits have done in the past.
>
> No.  Bash is not dropping any of its priviledges.  If you want to give
> all users root access just set suid on /bin/bash ;-))

man bash:

       If the shell is started with the effective user (group) id not equal to
       the real user (group) id, and the -p option is not supplied, no startup
       files are read, shell functions are not inherited from the environment,
       the SHELLOPTS variable, if it appears in the environment,  is  ignored,
       and the effective user id is set to the real user id.  If the -p option
       is supplied at invocation, the startup behavior is the  same,  but  the
       effective user id is not reset.

MfG
        Goswin

Reply to:

References:
- ITA: filler - Simple game in Java
  - From: James Damour <jdamour@nycap.rr.com>
- Re: ITA: filler - Simple game in Java
  - From: Gunnar Wolf <gwolf@gwolf.cx>
- Re: ITA: filler - Simple game in Java
  - From: James Damour <jdamour@nycap.rr.com>
- Re: ITA: filler - Simple game in Java
  - From: "Grzegorz B. Prokopski" <gadek@debian.org>
- setgid-wrapper (was: Re: ITA: filler - Simple game in Java)
  - From: Steven Augart <augart@watson.ibm.com>
- Re: setgid-wrapper
  - From: James Damour <jdamour@nycap.rr.com>
- Re: setgid-wrapper
  - From: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
- Re: setgid-wrapper
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: setgid-wrapper
  - From: "Grzegorz B. Prokopski" <gadek@debian.org>

Prev by Date: Re: setgid-wrapper
Next by Date: Re: setgid-wrapper
Previous by thread: Re: setgid-wrapper
Next by thread: Re: setgid-wrapper
Index(es):
- Date
- Thread