[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: suid




Once someone wrote:

> > >so how do i make my script suid root ?
> > AFAIK, in Linux you don't. Setuid shell scripts are BAD.
> 
> if you write a suid root script without thinking to much, it is badbut if
> you think carefully before doing so, it is not bad, and an easy solution
> to some problems ( better then giving the root password )

I'll put it this way; if you GOT to do something with uid 0, and it's
ABSOLUTELY MUST - use sudo.
The only disadvantage of it - it's the configuration, but once correctly
configured it can solve a lot of problems in a quite secure way.

> > of reasons. There was various hacks to implement the thing securely, but
> > generally the answer is no.
I agree :)

> so can I or can't I make suid root scripts in tcsh ?
> > You may try to use suidperl, or compile C
> > program (taking all precautoins one takes writing suid program). Or just
> > think - do you really need it to be suid root?

Shell suid scripts are unacceptible on any un*x system that respects
itself, and writing suid program is not a simple task, since there
numerous precautions that should be taken, for example buffer overflows,
temporary files creation, etc. etc. 
I wouldn't do it if I were you.

--Roman Shterenzon
========================================================================
Running Windows on a Pentium is like having a brand new Porsche but only
be able to drive backwards with the handbrake on.
(Unknown source)
========================================================================