[NTLUG:Discuss] SETUID on Shell Scripts Question
MadHat
madhat at unspecific.com
Mon Apr 3 09:47:55 CDT 2000

Brian wrote:
>
> Bug Hunter wrote:
> >
> > You have to do the suid on the program that executes, not just the shell
> > script. I would run the script as root using a cron job, making it
> > readable and executable for root only.
>
> But I believe the newer kernels still won't allow a suid shell to be run
> by a non-root user with an effective UID of root, regardless of the
> program permissions being run by the script.
>
> This functionality can be disabled in the kernel, if you really have to
> run suid scripts.

Since perl is a scripting language, I know this is not correct (unless
the default in the newer kernels is to have the ability turned on,
'cause I didn't set it). You do have to use the suidperl binary (when
speaking of perl suid scripts) and it is set with the suid bit set. If
the binary is suid then the script _should_ run as the suid user, but
suid scripts are a major security risk and should be avoided when
possible anyway...
--
%_=split';','2e;hac;40;not;64;ju;66; Perl ;68;st a;6f;ker;75;her';
print map $_{unpack "H2",$_}, split //,
'madhat at unspecific.com'
# aka Lee Heath, but don't tell anyone.
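
The thread's advice to avoid suid scripts can be checked on a system by listing files that carry the setuid or setgid bit and begin with a `#!` interpreter line. This is an added example, not part of the original post; the function names `is_script` and `find_suid_scripts` are illustrative.

```shell
#!/bin/sh
# Added example: audit a directory tree for setuid/setgid interpreter scripts.
# Function names are illustrative and do not come from the thread.

# is_script FILE: succeeds when FILE begins with the "#!" interpreter marker.
is_script() {
    [ "$(head -c 2 "$1" 2>/dev/null)" = '#!' ]
}

# find_suid_scripts DIR: print every regular file under DIR that has the
# setuid (4000) or setgid (2000) bit set and starts with "#!".
# -xdev keeps the walk on one filesystem. Paths containing newlines are
# not handled by this line-based loop.
find_suid_scripts() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        if is_script "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# When run directly with a directory argument, audit that directory.
if [ "$#" -gt 0 ]; then
    find_suid_scripts "$1"
fi
```

Each path it prints is a candidate for removing the bit and moving the privileged step into a root cron job, as suggested earlier in the thread.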