[NTLUG:Discuss] SETUID on Shell Scripts Question
Brian
briank at hex.net
Mon Apr 3 11:40:01 CDT 2000
MadHat wrote:
> Can you tell me what page you are looking at in the Camel book? The
> only mention I can remember (and could find when I just looked) is
> mention of the suidperl binary. Is this the wrapper of which you
> speak?
Don't have the book here at work, it's in one of the back sections
covering security, taint, etc.
> for perl, or shell scripts?
Well, you can't run either as pure suid scripts, so both would have to
have a wrapper around them, or the kernel would need to be modified.
Just to make sure we're on the same page, I maintain you cannot run a
perl script, as a non-root user, which in turn invokes a system command
requiring root permissions to run *unless* you wrap the script.
Likewise, you cannot do this with a shell script either. All of this
assumes a Linux kernel > 2.0.38 (I can't speak for earlier versions).
You can write a perl script, set the suid bit, and have it output the
effective uid, run it with the perl interpreter, and it will never
output "root" as the effective uid.
--Brian
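
An audit check for the behaviour described in the message above, as an added example that is not part of the original post: it flags regular files that carry a setuid or setgid bit but start with `#!`, which Linux runs with the caller's IDs rather than the file owner's. The names `classify`, `classify_path` and `suid_kind` are illustrative, not from any existing tool.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum suid_kind { NOT_SUID, SUID_BINARY, SUID_SCRIPT, SUID_ERROR };

/* Classify from the file mode and the first bytes of the file. */
enum suid_kind classify(mode_t mode, const unsigned char *head, size_t n)
{
    if (!S_ISREG(mode) || !(mode & (S_ISUID | S_ISGID)))
        return NOT_SUID;
    /* "#!" hands the file to an interpreter; Linux takes credentials from
       the interpreter binary, so the script's own setuid bit has no effect. */
    if (n >= 2 && head[0] == '#' && head[1] == '!')
        return SUID_SCRIPT;
    return SUID_BINARY;
}

/* Open the path, read its mode and first two bytes, and classify it. */
enum suid_kind classify_path(const char *path)
{
    unsigned char head[2];
    struct stat st;
    ssize_t n;
    int fd = open(path, O_RDONLY | O_NONBLOCK); /* do not hang on FIFOs */

    if (fd < 0)
        return SUID_ERROR;
    if (fstat(fd, &st) != 0) { close(fd); return SUID_ERROR; }
    n = S_ISREG(st.st_mode) ? read(fd, head, sizeof head) : 0;
    close(fd);
    if (n < 0) return SUID_ERROR;
    return classify(st.st_mode, head, (size_t)n);
}

/* Report each path given on the command line. */
int main(int argc, char **argv)
{
    static const char *label[] = { "not setuid/setgid", "setuid/setgid binary",
        "setuid/setgid SCRIPT (bit ignored by Linux)", "cannot read" };
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], label[classify_path(argv[i])]);
    return 0;
}
```

A file reported as a setuid script usually means someone expected it to run with elevated privileges; it does not, and the stray bit is worth clearing.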