Re: setgid-wrapper

To: debian-devel@lists.debian.org, debian-mentors@lists.debian.org
Subject: Re: setgid-wrapper
From: Matt Zimmerman <mdz@debian.org>
Date: Tue, 1 Jun 2004 22:04:03 -0700
Message-id: <[🔎] 20040602050403.GA19402@alcor.net>
Mail-followup-to: debian-devel@lists.debian.org, debian-mentors@lists.debian.org
In-reply-to: <[🔎] 1086146483.2371.148.camel@hovel.lepus.org>
References: <[🔎] 1086146483.2371.148.camel@hovel.lepus.org>

On Tue, Jun 01, 2004 at 11:21:23PM -0400, James Damour wrote:

> My understanding of the position of Bob and Mike can be summed up as, "in
> general, shell script's can't be made to use setuid/setgid securely".
> Basically, the problem comes down that a user can manipulate their PATH to
> redefining basic commands that are used by the shell scripts (like "ls")
> in order to elevate their privileges.

It's not impossible, it's just tricky, and the technique you chose has
already been implemented (in sudo).

-- 
 - mdz

Reply to:

References:
- Re: setgid-wrapper
  - From: James Damour <jdamour@nycap.rr.com>

Prev by Date: Re: RFS : sailcut - sail design and plotting software
Next by Date: Re: RFS : sailcut - sail design and plotting software
Previous by thread: Re: setgid-wrapper
Next by thread: Re: setgid-wrapper
Index(es):
- Date
- Thread