[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: allowing a "normal" user to work efficiently

On Tue, 2003-10-21 at 12:03, Bijan Soleymani wrote:
> For example imagine you make "cat" suid...
> Then someone can do:
> cat /bin/rm /bin/cat
> cat -rf /

This would just output both /bin/rm and /bin/cat to your screen...
if you were to "cat /bin/rm > /bin/cat" you would get
mrroach@flmrroach:~$ cat /bin/rm > /bin/cat bash: /bin/cat: Permission

because piping is done by the shell, not cat. I'm not arguing that this
is not unsafe, just that your particular example is incorrect ;-)


Reply to: