Re: suid script
On 3 Dec 1998, Gary L. Hennigan wrote:
> Pere Camps <pere@casal.upc.es> writes:
> | I want my users to be able to execute this script:
....
> | The problem is that these programs need root's privileges. I've
> | suid the script root:root but still the programs say I don't have he right
> | permisions to execute them.
>
> Scripts are not allowed to set UID, it's a security feature. I don't
> know where this occurs, but it's pretty low level, perhaps in the
> kernel itself or in the shell, and there's no getting around it. There
> are just too many holes that allowing scripts to be setuid root would
> allow and so that capability is disallowed.
It's in bash (which is also sh on most linux systems), a pain in the a**,
I mean, "feature". I don't know of any other shells that do this.
> The only way around it is to write a C (or maybe Perl) program, have
> that program setuid root and have it call the script. Of course for
> what you're doing it might be just as easy to have the C program
> perform the operations itself using the system() call.
Instant root shell example in C:
int
main() {
setuid(0);
seteuid(0);
execl("/bin/sh", "-sh", 0);
}
> Either that or install the sudo package and learn how to use it.
Probably the better solution.
Brandon
+--- ---+
| Brandon Mitchell * bhmit1@mail.wm.edu * http://bhmit1.home.ml.org/ |
| Sometimes you have to release software with bugs. - MS Recruiter |
Reply to: