home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Atari Mega Archive 1
/
Atari Mega Archive - Volume 1.iso
/
lists
/
mint
/
l_0399
/
171
< prev
next >
Wrap
Internet Message Format
|
1994-08-27
|
2KB
From: Stephen Usher <steve@earth.ox.ac.uk>
Subject: Re: seduid scripts
Date: Tue, 23 Mar 93 13:09:08 BST
In-Reply-To: <9303231257.AA00672@irz204.inf.tu-dresden.de>; from "Michael Hohmuth" at Mar 23, 93 1:57 pm
>Steve writes:
>
>> > [about /bin/scripter]
>>
>> This sounds an even more unholy mess than one incidence of / -> \ conversion
>> in the kernel! Anyway, it's just one more security hole, not that there
>> aren't one or two already! :-)
>
>Why is that an security hole? `/bin/scripter' would be just another shell
>which happens to be setuid-root (just like `su').
It's just one more program which could be compromised.
>
>IMHO, having a script launcher is better than putting inconsistencies
>in the kernel.
Exec should preferably be an atomic action. Also, there is an implicit
assumption that you hold your executables in /bin. What if the script is for
something other than /bin/[c]sh, maybe you want to run /exec/bloggs/gruncher
and don't have a /bin on the current drive? Putting the parsing of the #!
magic number in the kernel would make the kernel self contained, and hence
less able to be totally fouled up by the half-clued or clueless.
You can never under estimate the intelligence of a user! :-)
>
>Michael
>--
>Internet: hohmuth@freia.inf.tu-dresden.de
>
Steve
--
---------------------------------------------------------------------------
Computer Systems Administrator, Dept. of Earth Sciences, Oxford University.
E-Mail: steve@uk.ac.ox.earth (JANET) steve@earth.ox.ac.uk (Internet).
Tel:- Oxford (0865) 282110 (UK) or +44 865 282110 (International).