- Newsgroups: comp.sys.sun.admin
- Path: sparky!uunet!zaphod.mps.ohio-state.edu!rpi!ghost.dsi.unimi.it!sisifo.arcetri.astro.it!sisifo!lfini
- From: lfini@sisifo (Luca Fini)
- Subject: Re: mounting CD by normal user. Alternatives to suid shell script
- Message-ID: <1992Dec12.134151.20481@arcetri.astro.it>
- Sender: news@arcetri.astro.it
- Organization: Osservatorio di Arcetri
- X-Newsreader: TIN [version 1.1 PL6]
- References: <1992Dec11.211807.29122@u.washington.edu>
- Date: Sat, 12 Dec 1992 13:41:51 GMT
- Lines: 21
-
- axel schweiger (axel@apl.Washington.EDU) wrote:
- : Can anyone explain to me why suid shell scripts are such a security
- : risk and if so how do people accomplish mounting cds and M/O drives
- : by non-super users. Has anyone dealt with that?
- :
-
- Because it is pretty easy to fool the shell executing the script
- into providing an interactive shell (with root privileges) to the caller
- of the script (how to do that is reported in the 'alt.security' FAQ).
-
- Security manuals suggest either using compiled binaries to do the same
- job as scripts or using 'perl' as a script language. Whether that
- is always feasible, I actually don't know.
-
- +------------------------------------------------------------------------+
- | Luca Fini |
- | Osservatorio Astrofisico di Arcetri Tel. +55 2752 253 |
- | L.go E.Fermi, 5 Fax.: +55 220039 |
- | 50125 Firenze e-mail: lfini@arcetri.astro.it |
- | Italia |
- +------------------------------------------------------------------------+
-
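One way to follow the "compiled binary" advice in the post above, as an added example that is not part of the original thread: a setuid-root C wrapper that runs one fixed mount or umount command with a fixed environment, so no shell ever interprets anything the caller supplies. The binary paths, device, mount point and the name `build_command` are assumptions; it also assumes the filesystem type is auto-detected or configured elsewhere.

```c
/* Added example: setuid-root wrapper that mounts or unmounts one fixed CD-ROM.
 * Assumed (not from the post): the four paths below and all function names. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MOUNT_BIN     "/bin/mount"
#define UMOUNT_BIN    "/bin/umount"
#define CD_DEVICE     "/dev/sr0"
#define CD_MOUNTPOINT "/cdrom"

/* Fixed environment: the caller's PATH, IFS, LD_* and so on are not inherited. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };

/* Fill argv_out (at least 5 slots) for the one permitted action. Returns 0, or -1
 * unless action is exactly "mount" or "umount". The caller's word only selects
 * a canned command line; it is never copied into it. */
int build_command(const char *action, const char **argv_out)
{
    if (action != NULL && strcmp(action, "mount") == 0) {
        argv_out[0] = MOUNT_BIN;
        argv_out[1] = "-r";               /* read-only */
        argv_out[2] = CD_DEVICE;
        argv_out[3] = CD_MOUNTPOINT;
        argv_out[4] = NULL;
        return 0;
    }
    if (action != NULL && strcmp(action, "umount") == 0) {
        argv_out[0] = UMOUNT_BIN;
        argv_out[1] = CD_MOUNTPOINT;
        argv_out[2] = NULL;
        return 0;
    }
    return -1;
}

int main(int argc, char **argv)
{
    const char *cmd[5];
    if (argc != 2 || build_command(argv[1], cmd) != 0) {
        fprintf(stderr, "usage: cdmount mount|umount\n");
        return 2;
    }
    /* Set the real uid as well: mount may treat a non-root real uid as unprivileged. */
    if (setuid(0) != 0) { perror("setuid"); return 1; }
    execve(cmd[0], (char *const *)cmd, clean_env);   /* absolute path, no shell */
    perror("execve");
    return 1;
}
```

Install it owned by root with mode 4755 (or 4750 with a dedicated group to limit who may run it), in a directory that only root can write to.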