[NTLUG:Discuss] SETUID on Shell Scripts Question

Chris Cox cjcox at acm.org
Mon Apr 3 21:39:43 CDT 2000


This is a little "off-topic", but worth looking at:
http://www.samag.com/archive/0306/index.shtml

I can get you a copy of the suFirewall article (obviously).
It's a pretty good wrapper for doing setuid scripts...though the
security policy is left up to the implementor.  I wrote it due
to frustration with perl's default suid security policy.

Something to consider if you're going to implement and deploy
setuid executables and you want to make sure they're secure...
but like to have at least some power to do some operations.

Regards,
Chris

Mike Owens wrote:
> 
> This is an embarrassing question, but I evidently am not getting it. I
> have a simple shell script which I have setuid to root. All it does is
> take md5 sums on everything in /usr/bin. Yet when I run it as a plain
> old user, I get "permission denied" on the binaries which don't have
> group or user read permissions.
> 
> Why is this happening? If I run it as root---no problem. I thought suid
> was supposed to make it execute as root (assuming it is owned by root).
> I read in the bash man pages to use the -p switch as well. Still, no
> avail.
> 
> I guess my shell is executing the script, and thus using its uid and
> guid. How do I set permissions such that this won't happen?
> 
> Anyone?
> 
> _______________________________________________
> http://ntlug.org/mailman/listinfo/discuss



