forbidden things with bru
Dipl agr Veronique Eyraud
deyrau at ciba-geigy.ch
Tue Jul 31 16:24:59 AEST 1990
Thank you for all the replies for the "SUID on scripts" question.
My ultimate goal in this is to allow an operator to log on a "normal"
account and to run a backup procedure reading all or parts of the file
system without beeing root.
Though I have a C procedure calling "bru", on which I have set UID, and
the exe looks like this:
-rwsr-x--- 1 root sys 15984 mybru
The source is the following
main(argc,argv)
int argc;
char **argv;
{
/* system( command ); */
system("ls -l");
system(
"bru -cvn 15-jul-1990 -f /dev/nrtape /usr/focci02/prog/mmod/mm30x");
}
With this, I cannot succeed in reading a protected directory (no read access
for the "other" field,and the owner is from the "user" group), though it
works for the ls command that is called just before.
Is there something in the bru philosophy that says
"Though shalt not backup directories if thee are protected even if though
have SUID root sys ??!!!! "
Any idea ?
More information about the Comp.sys.sgi
mailing list