what are the implications of shell doing setuid(getuid())?
BALDWIN
mike at whuxl.UUCP
Thu Sep 19 00:07:30 AEST 1985
[ what would break if /bin/sh did setuid(getuid()), setgid(getgid())? ]
> Well, shell scripts invoked by someone who was su'ed to someone else could
> fail, couldn't they, in this situation? (The resulting spawned shells would
> not have the proper uid and gid.)
Nope, because su(1) sets both the effective *and* the real [ug]id. The only
way to run the shell with real != effective is to exec it from a set[ug]id
C program (e.g., system(3C) or popen(3S)) or use #!/bin/sh in BSD (but it's
*real* easy to break set[ug]id #!/bin/sh files).
--
Michael Baldwin
AT&T Bell Labs
{at&t}!whuxl!mike
More information about the Comp.unix.wizards
mailing list