From owner-freebsd-ports  Mon Aug  4 13:37:43 1997
Return-Path: <owner-freebsd-ports>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id NAA25556
          for ports-outgoing; Mon, 4 Aug 1997 13:37:43 -0700 (PDT)
Received: from scanner.worldgate.com (scanner.worldgate.com [198.161.84.3])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id NAA25526;
          Mon, 4 Aug 1997 13:37:38 -0700 (PDT)
Received: from znep.com (uucp@localhost)
	by scanner.worldgate.com (8.8.5/8.8.5) with UUCP id OAA16879;
	Mon, 4 Aug 1997 14:37:26 -0600 (MDT)
Received: from localhost (marcs@localhost) by alive.znep.com (8.7.5/8.7.3) with SMTP id OAA28905; Mon, 4 Aug 1997 14:35:02 -0600 (MDT)
Date: Mon, 4 Aug 1997 14:35:01 -0600 (MDT)
From: Marc Slemko <marcs@znep.com>
To: FreeBSD Mailing List <freebsd@atipa.com>
cc: "Jonathan A. Zdziarski" <jonz@netrail.net>, ports@FreeBSD.ORG,
        security@FreeBSD.ORG
Subject: Re: SetUID
In-Reply-To: <Pine.BSF.3.91.970804133131.9513A-100000@dot.ishiboo.com>
Message-ID: <Pine.BSF.3.95.970804142646.27439Q-100000@alive.znep.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ports@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

You could.  If you did, however, you would be silly.  

The wrapper you give allows anyone who can run it to do anything they want
as the uid it is setuid to.

On Mon, 4 Aug 1997, FreeBSD Mailing List wrote:

> 
> 
> On Mon, 4 Aug 1997, FreeBSD Mailing List wrote:
> 
> > 
> > Johnathan,
> > 
> > As far as I know, shell scripts cannot be setuid root. You would need 
> > to setuid root all the binaries invoked from the shell, which is not a 
> > great idea.
> > 
> > You could instead write a setuid "wrapper" of some sort that runs a 
> > shell script (or set of scripts), using c, c++, etc. 
> >  
> > Kevin
> 
> Here is a simple "wrapper":
> 
> -- cut here (wrapper.c) --
> 
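> #include <stdlib.h>
> #include <unistd.h>     /* execl() */
> int main(void)
> {
>         /* Runs the script with the caller's environment passed through unchanged. */
>         execl("/etc/rc.WHATEVER", "WHATEVER", (char *)NULL);
>         return 1;       /* reached only if execl() fails */
> }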
> 
> -- end--
> 
> The resulting binary can be setuid root and restricted to your 
> appropriate /etc/group.
> 
> Kevin
>