Date: Tue, 5 Aug 1997 02:50:00 -0700
From: "David O'Brien"
To: FreeBSD Mailing List
Cc: "Jonathan A. Zdziarski", ports@freebsd.org, security@freebsd.org
Subject: Re: SetUID
Message-ID: <19970805025000.01050@dragon.nuxi.com>
Reply-To: obrien@NUXI.COM
Organization: The NUXI *BSD group

> > You could instead write a setuid "wrapper" of some sort that runs a
> > shell script (or set of scripts), using c, c++, etc.
>
> Here is a simple "wrapper":
>
> -- cut here (wrapper.c) --
>
> #include <unistd.h>
> main()
> {
>   execl("/etc/rc.WHATEVER","WHATEVER",NULL);
> }

Still too dangerous.  The environment isn't cleansed.
Please try the super port (ports/security/super) which is a wrapper
program like this, but does some cleansing and can use control lists.

-- 
-- David    (obrien@NUXI.com  -or-  obrien@FreeBSD.org)
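
The cleansing step the reply says is missing, sketched as an added example (not code from this thread or from the super port): the wrapper builds a fresh environment from an allowlist instead of handing the caller's environment to the script. The fixed PATH value, the TERM/TZ passthrough policy and the helper names are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumed policy: fixed PATH, plus TERM and TZ if their values are plain. */
static char safe_path[] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
static const char *const passthrough[] = { "TERM=", "TZ=" };
#define NPASS (sizeof passthrough / sizeof passthrough[0])

/* Accept only short values made of alphanumerics and "_-+" (no paths). */
static int value_is_plain(const char *v)
{
    if (*v == '\0' || strlen(v) > 64) return 0;
    for (; *v; v++)
        if (!isalnum((unsigned char)*v) && !strchr("_-+", *v)) return 0;
    return 1;
}

/* Build a fresh environment in out[] (capacity cap, including the NULL).
 * Returns the number of entries, or -1 if out[] is too small. */
int build_clean_env(char *const inherited[], char *out[], size_t cap)
{
    int taken[NPASS] = { 0 };
    size_t n = 0;
    if (cap < 2) return -1;
    out[n++] = safe_path;              /* never the caller's PATH */
    for (size_t i = 0; inherited && inherited[i]; i++)
        for (size_t k = 0; k < NPASS; k++) {
            size_t len = strlen(passthrough[k]);
            if (taken[k] || strncmp(inherited[i], passthrough[k], len) != 0) continue;
            taken[k] = 1;              /* first occurrence decides; duplicates dropped */
            if (!value_is_plain(inherited[i] + len)) continue;
            if (n + 1 >= cap) return -1;
            out[n++] = inherited[i];
        }
    out[n] = NULL;
    return (int)n;
}

int main(void)
{
    extern char **environ;
    char *envp[NPASS + 2];
    char *args[] = { "WHATEVER", NULL };
    if (build_clean_env(environ, envp, NPASS + 2) < 0) return 1;
    /* "/etc/rc.WHATEVER" is the placeholder path from the quoted wrapper. */
    execve("/etc/rc.WHATEVER", args, envp);   /* LD_*, IFS, ENV are not inherited */
    perror("execve");                         /* reached only if the exec failed */
    return 127;
}
```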