how to setuid for shell scripts?

Valdis Kletnieks valdis at wizards.vt.edu
Fri Nov 16 09:05:44 AEST 1990


In article <25009 at adm.brl.mil>, K390590%AEARN at pucc.princeton.edu ( Steinparz Franz) writes:
|> Could someone give me advice how to make a shell script which inherits
|> its access rights from its owner as this is done by set uid for regular
|> programs. Just setting the set uid bit via CHMOD 06xxx does not work
|> on vax under ultrix.

You don't want to do this.  Setuid shell scripts are a Bad Thing.

The security leaks are ENORMOUS - it takes *ANY* user a whole
whopping 3 or 4 commands to get a full-function interactive shell
running under the UID the shell is set-UID to.

I won't give full details, other than to say - how does csh know
to run .login for a login shell, but not a subshell?  Now think
about .login for a while......

(Hint - the shell checks argv[0] for a '-')...

Full details are left as an exercise for the student.

				Valdis Kletnieks
				Computer Systems Engineer
				Virginia Tech
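
A defender's check that follows from the advice above, as an added example that is not part of the original post: list every set-UID or set-GID regular file under the given directories that is an interpreter script (first two bytes `#!`), so the mode bits can be removed or the script replaced. The function name `find_setid_scripts` and the tab-separated output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a tree for set-id
# interpreter scripts.

# find_setid_scripts DIR...
# Prints one line per finding: "<path><TAB><interpreter line>".
find_setid_scripts() {
    # -perm -4000 matches set-UID, -perm -2000 matches set-GID.
    # -xdev keeps the walk on the file system of each starting directory.
    # Paths are handed to the inner shell as arguments, so unusual file
    # names (spaces, newlines) are handled correctly.
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec sh -c '
        for f do
            # Read only the first two bytes; skip files we cannot read.
            magic=$(head -c 2 2>/dev/null < "$f") || continue
            # Compiled executables do not start with "#!"; scripts do.
            [ "$magic" = "#!" ] || continue
            printf "%s\t%s\n" "$f" "$(head -n 1 < "$f")"
        done' sh {} + 2>/dev/null
}

# Stand-alone use: sh audit.sh /usr/local/bin /opt
if [ "$#" -gt 0 ]; then
    find_setid_scripts "$@"
fi
```

Each reported path is a candidate for `chmod ug-s`; unreadable files are skipped, so run the audit with enough privilege to read everything under the directories being checked.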



More information about the Comp.unix.internals mailing list