[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: central administration techniques

On Fri, Oct 19, 2001 at 06:33:43PM +0300, Juha J?ykk? wrote:
> > > 3. Break into one of the other machines, use the suided script to
> >                                                    ^^^^^^^^^^^^^
> > I can't answer your questions - I know too little. Just one remark:
> > AFAIK, Linux doesn't support suided shell scripts. At least it didn't do
> > that a few years ago when I tried to use a suided script. I haven't
> 
>   -> use C-code. Does not matter. I can code buffer overflow -proof
> routines for this simple stuff. Or just code a suid binary which runs
> the script and does nothing else.. An additional security hole there,
> though: I basically would have TWO suided programs now though crashing
> a program which only runs another should be impossible (unless the init
> routines can be crashed).
Only the C-wrapper should be SUID I think, and since it then already
runs as root, there's no need to set the SUID bit for the shell script
(it will just be ignored).
-- 
,-------------------------------------------.
> Name:           Alson van der Meulen      <
> Personal:        alson@flutnet.org        <
> School:       alson@gymnasiumleiden.nl    <
`-------------------------------------------'
Where's the DIR command?
---------------------------------------------
Reply to: