Date: Fri, 28 Aug 2009 20:10:59 -0600 From: Tim Judd <tajudd@gmail.com> To: RW <rwmaillists@googlemail.com> Cc: freebsd-questions@freebsd.org Subject: Re: SUID permission on Bash script Message-ID: <ade45ae90908281910o2de3c2c8ra5cde55a9ecead45@mail.gmail.com> In-Reply-To: <20090829022431.5841d4de@gumby.homeunix.com> References: <beaf3aa50908280124pbd2c760v8d51eb4ae965dedc@mail.gmail.com> <87y6p4pbd0.fsf@kobe.laptop> <20090829022431.5841d4de@gumby.homeunix.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 8/28/09, RW <rwmaillists@googlemail.com> wrote: > On Fri, 28 Aug 2009 11:54:19 +0300 > Giorgos Keramidas <keramida@ceid.upatras.gr> wrote: > >> On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo >> <jeronimocalvop@googlemail.com> wrote: > >> > As far as i know, using SUID, script must runs with root >> > permissions... so i shoudnt get "Permission denied", what im doing >> > wrong?? >> >> No it must not. There are security reasons why shell scripts are not >> setuid-capable. You can find some of them in the archives of the >> mailing list, going back at least until 1997. > > I'm bit puzzled by this, previous threads have given the impression > that this is a myth, for example: > > http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185134.html > > So are scripts actually incapable of running setuid? Dunno, but this dawns on me.. what defines a script? I've always defined a script that starts with a #! shebang. So the script can be SUID, but the interpreter/shell isn't. Is that why it doesn't work? --Tim
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ade45ae90908281910o2de3c2c8ra5cde55a9ecead45>