Re: how do I use UID setting?

To: miquels@cistron.nl (Miquel van Smoorenburg)
Cc: debian-user@lists.debian.org
Subject: Re: how do I use UID setting?
From: Jiri Baum <jiri@baum.com.au>
Date: Mon, 8 Feb 1999 19:01:20 +1100 (EST)
Message-id: <[🔎] E109ldA-0002jQ-00@legend.baum.com.au>
In-reply-to: <[🔎] 79jpmp$gkl$1@defiant.cistron.nl> from Miquel van Smoorenburg at "Feb 7, 99 11:25:29 am"

Miquel van Smoorenburg:
> Simple - setuid shell scripts are not supported under Linux because we
> have learned from history that it is impossible to create a secure shell
> script.

That's not the reason.

The reason is that the semantics of the #! line have the script passed to
the shell by name. In the meantime, a hacker can substitute a different
script. Making the directory unwriteable doesn't help, as the script can be
hardlinked to.

Solving this requires changing the semantics of either suid or #! - the
former is done by sudo (which does suid-by-pathname), the latter in systems
where the script is passed to the shell via an open handle.


Jiri
-- 
<jiri@baum.com.au>
We'll know the future has arrived when every mailer transparently
quotes lines that begin with "From ", but no-one remembers why.

Reply to:

Follow-Ups:
- StarOffice crashes my system
  - From: Olafur Jens Sigurdsson <ojs@rhi.hi.is>

References:
- Re: how do I use UID setting?
  - From: miquels@cistron.nl (Miquel van Smoorenburg)

Prev by Date: Re: using dpkg
Next by Date: Re: DSelect and ftp
Previous by thread: Re: how do I use UID setting?
Next by thread: StarOffice crashes my system
Index(es):
- Date
- Thread