From owner-freebsd-questions Mon Apr 15 20:52:14 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3)
	id UAA04851 for questions-outgoing; Mon, 15 Apr 1996 20:52:14 -0700 (PDT)
Received: from shell.aros.net (shell.aros.net [205.164.111.19])
	by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id UAA04846
	for ; Mon, 15 Apr 1996 20:52:10 -0700 (PDT)
Received: (from angio@localhost) by shell.aros.net (8.7.5/Unknown)
	id VAA12196; Mon, 15 Apr 1996 21:52:01 -0600 (MDT)
From: Dave Andersen
Message-Id: <199604160352.VAA12196@shell.aros.net>
Subject: Re: FreeBSD 2.1 SUID
To: bogawa@netvoyage.net (Bryan Ogawa at Work)
Date: Mon, 15 Apr 1996 21:52:01 -0600 (MDT)
Cc: andy.smith@reuters.com, questions@freebsd.org
In-Reply-To: from Bryan Ogawa at Work at "Apr 15, 96 03:26:51 pm"
X-Mailer: ELM [version 2.4ME+ PL13 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Lo and behold, Bryan Ogawa at Work once said:

> > How can I get this (or any) shell script to run SUID root??
> >
> > Thanks
> >
> > Andy
>
> As many people will tell you, you can't run shell scripts by setting the
> SUID bits. It's considered insecure (as SUID shell scripts can be used to
> run arbitrary programs as their owners). It's disabled in the kernel
> somewhere.

Bloody good thing, too. :) Setuid scripts are just begging for someone to
come along and abuse them.

> 1. Write a wrapper program in C. I'm no expert on this, but it can be
> done.

At the very simplest:

    #include <unistd.h>   /* execl() */

    int main() {
        /* argv[0] is the program name; the argument list ends with a null pointer */
        execl("/your/path/to/program", "program", (char *)NULL);
    }

this doesn't check for success, of course, but it does the job.

> I'm not wholly familiar with that, though (there's a perl script which
> will write wrappers I've seen, but it doesn't seem to have the environment
> variables set right).

Perl makes the setuid stuff quite easy through setuid perl.
Just be sure to sanitize the environment.

   -Dave Andersen

-- 
angio@aros.net
Complete virtual hosting and business-oriented system administration
Internet services. (WWW, FTP, email)
http://www.aros.net/
http://www.aros.net/about/virtual
"There are only two industries that refer to their customers as 'users'."
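
Added example, not part of the original message: a C wrapper along the lines suggested above that also sanitizes the environment and reports a failed exec. The allowlist (TERM, TZ, LANG), the fixed PATH and the helper name build_clean_env are assumptions made for illustration; the target path is the placeholder from the message.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define TARGET    "/your/path/to/program"  /* placeholder path from the message */
#define SAFE_PATH "PATH=/bin:/usr/bin"     /* assumed fixed PATH for the target */
#define MAX_ENV   8

/* Assumed allowlist: the only caller-supplied variables passed through. */
static const char *const keep[] = { "TERM", "TZ", "LANG" };

/* Return 1 if entry is "NAME=value" with NAME exactly on the allowlist. */
static int allowed(const char *entry)
{
    size_t i, n;
    for (i = 0; i < sizeof keep / sizeof keep[0]; i++) {
        n = strlen(keep[i]);
        if (strncmp(entry, keep[i], n) == 0 && entry[n] == '=')
            return 1;
    }
    return 0;
}

/* Fill dst with a NULL-terminated environment: the fixed PATH first, then
 * allowlisted entries from src. LD_PRELOAD, IFS, the caller's PATH and
 * everything else are dropped. Returns the entry count, excluding the NULL. */
size_t build_clean_env(char *const src[], char *dst[], size_t cap)
{
    size_t n = 0;
    if (cap < 2) {              /* no room for PATH plus the terminator */
        if (cap) dst[0] = NULL;
        return 0;
    }
    dst[n++] = (char *)SAFE_PATH;
    for (; src && *src && n + 1 < cap; src++)
        if (allowed(*src))
            dst[n++] = *src;
    dst[n] = NULL;
    return n;
}

int main(void)
{
    extern char **environ;
    char *env[MAX_ENV];
    char *const args[] = { (char *)TARGET, NULL };

    build_clean_env(environ, env, MAX_ENV);
    execve(TARGET, args, env);  /* absolute path, so no PATH lookup happens */
    perror("execve");           /* reached only if the exec failed */
    return 127;
}
```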