Re: Programming problem
- To: jteich <jteich(at-nospam)subdimension.com>
- Subject: Re: Programming problem
- From: Adi Stav <stav(at-nospam)actcom.co.il>
- Date: Mon, 5 Feb 2001 09:22:53 +0200
- Cc: linux-il(at-nospam)cs.huji.ac.il
- In-Reply-To: <200102041444.JAA24202@www.subdimension.com>; from jteich@subdimension.com on Sun, Feb 04, 2001 at 09:44:43AM -0500
- Mail-Followup-To: jteich <jteich@subdimension.com>, linux-il@cs.huji.ac.il
- References: <200102041444.JAA24202@www.subdimension.com>
- Sender: Adi Stav <adi(at-nospam)fred.stav>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
- User-Agent: Mutt/1.3.12i
On Sun, Feb 04, 2001 at 09:44:43AM -0500, jteich wrote:
> I wanted to run a shell script program that needs to run with root permissions, and I wanted to
> be able to start this script without su'ing. I tried to set the suid bit on the program, but I
> found out that the suid bit only works for binary executables. Then I wrote a simple C program
> that starts up the shell program through the system() call, and I chown the program to root and
> set the suid bit on it, but for some reason the shell still wouldn't run as root. What am I
> doing wrong and is there any way around this?
This is not very secure, because there are many tricks that a user can
play on a suid shell. A better approach would be to see which commands
in the script need to run suid and only privilege these commands to
relevant users (by setting their suid bit or by writing a wrapper like
you did).
- Adi Stav
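
Added example, not part of the original message or of either poster's code: one way to write the kind of narrow wrapper the reply recommends, which runs a single allowlisted command directly with `execve()` and a fixed environment instead of handing a script to a shell through `system()`. The allowlist names, paths and arguments are hypothetical and would be replaced by the specific commands the script actually needs.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical allowlist: each short name maps to one fixed absolute path
   and one fixed argument. Nothing outside this table can be run. */
struct entry { const char *name; const char *path; const char *arg; };
static const struct entry allowed[] = {
    { "rotate-logs", "/usr/sbin/logrotate", "/etc/logrotate.conf" },
    { "sync-clock",  "/usr/sbin/hwclock",   "--systohc" },
};

/* Fixed environment: nothing is inherited from the caller
   (PATH, IFS, LD_PRELOAD, BASH_ENV and so on are all discarded). */
static char *const clean_env[] = {
    "PATH=/usr/sbin:/usr/bin:/sbin:/bin", "IFS= \t\n", NULL
};

/* Exact-match lookup; returns NULL for anything not on the allowlist. */
const struct entry *lookup(const char *name) {
    if (name == NULL) return NULL;
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strcmp(name, allowed[i].name) == 0) return &allowed[i];
    return NULL;
}

int main(int argc, char **argv) {
    const struct entry *e = (argc == 2) ? lookup(argv[1]) : NULL;
    if (e == NULL) {
        fprintf(stderr, "usage: wrapper <allowed-command>\n");
        return 2;
    }
    /* Make the real IDs match the effective ones so the child does not see
       a uid/euid mismatch; check the result rather than assuming it. */
    if (setgid(getegid()) != 0 || setuid(geteuid()) != 0) {
        perror("setgid/setuid");
        return 1;
    }
    char *const args[] = { (char *)e->path, (char *)e->arg, NULL };
    execve(e->path, args, clean_env);   /* no shell, no PATH search */
    perror("execve");                   /* only reached if execve failed */
    return 1;
}
```

The caller chooses only which table entry runs; the path, arguments and environment are fixed in the binary, so none of them can be influenced from the invoking user's shell.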