From owner-freebsd-security  Mon Aug  4 12:34:10 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id MAA22165
          for security-outgoing; Mon, 4 Aug 1997 12:34:10 -0700 (PDT)
Received: from onyx.atipa.com (user9577@ns.atipa.com [208.128.22.10])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id MAA22160
          for <security@freebsd.org>; Mon, 4 Aug 1997 12:34:05 -0700 (PDT)
Received: (qmail-queue invoked by uid 1018); 4 Aug 1997 19:36:27 -0000
Date: Mon, 4 Aug 1997 13:36:27 -0600 (MDT)
From: FreeBSD Mailing List <freebsd@atipa.com>
X-Sender: freebsd@dot.ishiboo.com
To: "Jonathan A. Zdziarski" <jonz@netrail.net>, ports@freebsd.org,
        security@freebsd.org
Subject: Re: SetUID
In-Reply-To: <Pine.BSF.3.91.970804131806.8529A-100000@dot.ishiboo.com>
Message-ID: <Pine.BSF.3.91.970804133131.9513A-100000@dot.ishiboo.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk



On Mon, 4 Aug 1997, FreeBSD Mailing List wrote:

> 
> Johnathan,
> 
> As far as I know, shell scripts can not bet setuid root. You would need 
> to setuid root all the binaries evoked from the shell, which is not a 
> great idea.
> 
> You could instead write a setuid "wrapper" of some sort that runs a 
> shell script (or set of scripts), using c, c++, etc. 
>  
> Kevin

Here is a simple "wrapper":

-- cut here (wrapper.c) --

#include <stdlib.h>
main()
{
        execl("/etc/rc.WHATEVER","WHATEVER",NULL);
}

-- end--

The resulting binary can be setuid root and restricted to your 
appropriate /etc/group.

Kevin