Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 4 Aug 1997 14:35:01 -0600 (MDT)
From:      Marc Slemko <marcs@znep.com>
To:        FreeBSD Mailing List <freebsd@atipa.com>
Cc:        "Jonathan A. Zdziarski" <jonz@netrail.net>, ports@FreeBSD.ORG, security@FreeBSD.ORG
Subject:   Re: SetUID
Message-ID:  <Pine.BSF.3.95.970804142646.27439Q-100000@alive.znep.com>
In-Reply-To: <Pine.BSF.3.91.970804133131.9513A-100000@dot.ishiboo.com>

next in thread | previous in thread | raw e-mail | index | archive | help
You could.  If you did, however, you would be silly.  

The wrapper you give allows anyone who can run it to do anything they want
as the uid it is setuid to.

On Mon, 4 Aug 1997, FreeBSD Mailing List wrote:

> 
> 
> On Mon, 4 Aug 1997, FreeBSD Mailing List wrote:
> 
> > 
> > Johnathan,
> > 
> > As far as I know, shell scripts can not bet setuid root. You would need 
> > to setuid root all the binaries evoked from the shell, which is not a 
> > great idea.
> > 
> > You could instead write a setuid "wrapper" of some sort that runs a 
> > shell script (or set of scripts), using c, c++, etc. 
> >  
> > Kevin
> 
> Here is a simple "wrapper":
> 
> -- cut here (wrapper.c) --
> 
> #include <stdlib.h>
> main()
> {
>         execl("/etc/rc.WHATEVER","WHATEVER",NULL);
> }
> 
> -- end--
> 
> The resulting binary can be setuid root and restricted to your 
> appropriate /etc/group.
> 
> Kevin
> 




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.970804142646.27439Q-100000>