From owner-freebsd-ports Mon Aug 4 13:37:43 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id NAA25556 for ports-outgoing; Mon, 4 Aug 1997 13:37:43 -0700 (PDT)
Received: from scanner.worldgate.com (scanner.worldgate.com [198.161.84.3]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id NAA25526; Mon, 4 Aug 1997 13:37:38 -0700 (PDT)
Received: from znep.com (uucp@localhost) by scanner.worldgate.com (8.8.5/8.8.5) with UUCP id OAA16879; Mon, 4 Aug 1997 14:37:26 -0600 (MDT)
Received: from localhost (marcs@localhost) by alive.znep.com (8.7.5/8.7.3) with SMTP id OAA28905; Mon, 4 Aug 1997 14:35:02 -0600 (MDT)
Date: Mon, 4 Aug 1997 14:35:01 -0600 (MDT)
From: Marc Slemko
To: FreeBSD Mailing List
cc: "Jonathan A. Zdziarski" , ports@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: SetUID
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ports@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

You could. If you did, however, you would be silly. The wrapper you
give allows anyone who can run it to do anything they want as the uid
it is setuid to.

On Mon, 4 Aug 1997, FreeBSD Mailing List wrote:

>
>
> On Mon, 4 Aug 1997, FreeBSD Mailing List wrote:
>
> >
> > Johnathan,
> >
> > As far as I know, shell scripts can not be setuid root. You would need
> > to setuid root all the binaries evoked from the shell, which is not a
> > great idea.
> >
> > You could instead write a setuid "wrapper" of some sort that runs a
> > shell script (or set of scripts), using c, c++, etc.
> >
> > Kevin
>
> Here is a simple "wrapper":
>
> -- cut here (wrapper.c) --
>
> #include <unistd.h>
> main()
> {
>   execl("/etc/rc.WHATEVER","WHATEVER",NULL);
> }
>
> -- end--
>
> The resulting binary can be setuid root and restricted to your
> appropriate /etc/group.
>
> Kevin
>