Re: Setuid programs run from shell scripts?

Fred Blonder (fred@nasirc.hq.nasa.gov)
Tue, 15 Nov 1994 10:30:14 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Quentin Fennessy: "Re: Setuid programs run from shell scripts?"
Previous message: Darren Reed: "Raw Socket Bug: details & patch."
In reply to: Michael Neuman: "Setuid programs run from shell scripts?"
Next in thread: Quentin Fennessy: "Re: Setuid programs run from shell scripts?"

	From: Michael Neuman <mcn@c3serve.c3.lanl.gov>

	This is a nice security feature, but is it a bug?

	<example deleted>

	Shouldn't suid run as root under the "script"?
 
(Not to get into the set-UID shell-script argument again. ;-)

How would you handle the situation where the script itself and the
interpreter are BOTH set-UID?

They're both integers.  We can ADD them.  No wait! We'll AVERAGE them.

Clearly, the set-UID bit on one or the other must take precedence.
Someone, somewhere decided that it would be the set-UID bit on the
script.  This was maybe the wrong decision, but it's the one we're
stuck with, for the moment at least.
-----
Fred Blonder		fred@nasirc.hq.nasa.gov

Hughes STX Corp.	(301) 441-4079
7701 Greenbelt Rd.
Greenbelt, Md.  20770

Next message: Quentin Fennessy: "Re: Setuid programs run from shell scripts?"
Previous message: Darren Reed: "Raw Socket Bug: details & patch."
In reply to: Michael Neuman: "Setuid programs run from shell scripts?"
Next in thread: Quentin Fennessy: "Re: Setuid programs run from shell scripts?"