Date: Tue, 5 Aug 1997 02:50:00 -0700 From: "David O'Brien" <obrien@NUXI.COM> To: FreeBSD Mailing List <freebsd@atipa.com> Cc: "Jonathan A. Zdziarski" <jonz@netrail.net>, ports@freebsd.org, security@freebsd.org Subject: Re: SetUID Message-ID: <19970805025000.01050@dragon.nuxi.com> In-Reply-To: <Pine.BSF.3.91.970804133131.9513A-100000@dot.ishiboo.com>; from FreeBSD Mailing List on Mon, Aug 04, 1997 at 01:36:27PM -0600 References: <Pine.BSF.3.91.970804131806.8529A-100000@dot.ishiboo.com> <Pine.BSF.3.91.970804133131.9513A-100000@dot.ishiboo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > You could instead write a setuid "wrapper" of some sort that runs a
> > shell script (or set of scripts), using c, c++, etc.
>
> Here is a simple "wrapper":
>
> -- cut here (wrapper.c) --
>
> #include <stdlib.h>
> main()
> {
> execl("/etc/rc.WHATEVER","WHATEVER",NULL);
> }
Still too dangerous. The environment isn't cleansed. Please try the
super port (ports/security/super) which is a wrapper program like this,
but does some cleansing and can use control lists.
--
-- David (obrien@NUXI.com -or- obrien@FreeBSD.org)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970805025000.01050>