security w/ root-id login to a sh-script
John Ruckstuhl
ruck at reef.cis.ufl.edu
Mon Jun 3 10:16:01 AEST 1991
In article <28895 at uflorida.cis.ufl.EDU> I writes:
>I accept that an suid-to-root shell script is a Bad Thing, but I am not
>sophisticated enough to know *all* the reasons why.
>Can one avoid the security problems by root-id account which specifies a
>shell-script rather than an interactive shell in its passwd entry?
>I think this prevents the script from inheriting environment variables
>except TERM.
>I have seen such a thing suggested publicly in another newsgroup or
>mailing list and not be rebutted. But then I wonder if "su restart_XYZ"
>inherits an environment and makes this method dangerous.
It's been kindly pointed out to me that yes, the possibility of an
"su restart_XYZ" does make this method as dangerous as an suid-to-root
shell script. Thanks to Jeff Beadle (jeff at onion.rain.com) for
explaining this and a reason why such things are dangerous.
Best Regards,
ruck.
--
John R Ruckstuhl, Jr ruck at alpha.ee.ufl.edu
Dept of Electrical Engineering ruck at cis.ufl.edu, uflorida!ruck
University of Florida ruck%sphere at cis.ufl.edu, sphere!ruck
More information about the Comp.unix.questions
mailing list