Re: suid shell scripts
Jim,
The Linux kernel does not permit any executable file beginning with #! (a
file which requires an interpreter) to have setuid privileges. For this
you will have to write a small compiled binary (e.g. C) program,
which simply performs an execl(), perhaps after doing setuid() to change
the real UID/GID as well as the effective one.
The effective UID/GID is the only UID/GID that gets changed by setuid
binaries; it is up to them to set their real UID/GID if this is necessary.
Regards,
Alex.
On Tue, 6 Jun 2000, Jim Breton wrote:
> Simple question: are suid/sgid shell scripts allowed in Linux?
>
> I thought they were, but after I tried writing one and running it, it
> appears that they are not.
>
> Is the elevated privilege dropped back to normal by bash, or by the
> kernel itself?
>
> (I am aware of the security issues, I just want to know the answer to
> this).
>
> Thanks.
>
>
>
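
The wrapper described in the reply above, as an added example that is not part of the original thread: it copies the effective UID/GID into the real IDs and then executes one fixed script. Assumptions: SCRIPT_PATH is a hypothetical placeholder, setreuid()/setregid() are used in place of plain setuid() so the real ID also changes when the binary's owner is not root, and execle() with a fixed environment replaces execl() so nothing from the caller's environment reaches the shell.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical placeholder path; the script must not be writable by callers. */
#define SCRIPT_PATH "/usr/local/libexec/example-task.sh"

/* Copy the effective IDs (the only ones the setuid/setgid bits changed)
 * into the real IDs. The group goes first: once the UID is no longer
 * root the process may not be allowed to change its GID.
 * Returns 0 on success, -1 on failure. */
int promote_effective_ids(void)
{
    gid_t egid = getegid();
    uid_t euid = geteuid();

    if (setregid(egid, egid) != 0)
        return -1;
    if (setreuid(euid, euid) != 0)
        return -1;
    /* Verify the result instead of trusting the return codes alone. */
    if (getuid() != euid || getgid() != egid)
        return -1;
    return 0;
}

/* Fixed environment handed to the script; PATH and IFS are not inherited. */
char *const *clean_env(void)
{
    static char *const env[] = {
        "PATH=/usr/sbin:/usr/bin:/sbin:/bin",
        "IFS= \t\n",
        NULL
    };
    return env;
}

int main(void)
{
    if (promote_effective_ids() != 0) {
        fprintf(stderr, "could not set real UID/GID\n");
        return 1;
    }
    /* Fixed interpreter, fixed script, no caller-supplied arguments. */
    execle("/bin/sh", "sh", SCRIPT_PATH, (char *)NULL, clean_env());
    perror("execle");   /* only reached if the exec failed */
    return 1;
}
```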