
Re: suid shell scripts



Jim,

The Linux kernel does not permit any executable file beginning with #! (a
file which requires an interpreter) to have setuid privileges. For this
you will have to write a small compiled binary (e.g. C) program,
which simply performs an execl(), perhaps after doing setuid() to change
the real UID/GID as well as the effective one.

The effective UID/GID is the only UID/GID that gets changed by setuid
binaries; it is up to them to set their real UID/GID if this is necessary.

Regards,

Alex.

---
PGP/GPG Fingerprint:
  EFD1 AC6C 7ED5 E453 C367  AC7A B474 16E0 758D 7ED9


On Tue, 6 Jun 2000, Jim Breton wrote:

> Simple question: are suid/sgid shell scripts allowed in Linux?
> 
> I thought they were, but after I tried writing one and running it, it
> appears that they are not.
> 
> Is the elevated privilege dropped back to normal by bash, or by the
> kernel itself?
> 
> (I am aware of the security issues, I just want to know the answer to
> this).
> 
> Thanks.
> 
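
A wrapper of the kind described in the reply above, as an added example that is not part of the original message: it uses setreuid()/setregid() because plain setuid() only changes the real UID when the process is root, and execle() rather than execl() so the script gets a fixed environment. The TARGET path and the promote_ids() name are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical target: absolute path to a script that only root can modify. */
#define TARGET "/usr/local/sbin/example-task.sh"

/* Fixed environment for the script; nothing is inherited from the caller. */
static char *const clean_env[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };

/*
 * Copy the effective UID/GID into the real IDs.
 * The group goes first, while the process still has the privilege to change it.
 * Returns 0 on success, -1 if any call fails or the IDs still differ.
 */
int promote_ids(void)
{
    uid_t euid = geteuid();
    gid_t egid = getegid();

    if (setregid(egid, egid) != 0)
        return -1;
    if (setreuid(euid, euid) != 0)
        return -1;
    return (getuid() == euid && getgid() == egid) ? 0 : -1;
}

int main(void)
{
    /* Without this step a shell such as bash sees real != effective IDs
       and resets the effective IDs to the real ones unless run with -p. */
    if (promote_ids() != 0) {
        perror("promote_ids");
        return 1;
    }
    /* Caller-supplied arguments are deliberately not forwarded. */
    execle(TARGET, TARGET, (char *)NULL, clean_env);
    perror("execle"); /* only reached if the exec failed */
    return 127;
}
```

The compiled binary, not the script, carries the setuid bit; the script itself should be writable only by its owner.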


