Date: Mon, 15 Apr 1996 21:52:01 -0600 (MDT)
From: Dave Andersen <angio@aros.net>
To: bogawa@netvoyage.net (Bryan Ogawa at Work)
Cc: andy.smith@reuters.com, questions@freebsd.org
Subject: Re: FreeBSD 2.1 SUID
Message-ID: <199604160352.VAA12196@shell.aros.net>
In-Reply-To: <Pine.NEB.3.92.960415151842.24038A-100000@digital.netvoyage.net> from Bryan Ogawa at Work at "Apr 15, 96 03:26:51 pm"
Lo and behold, Bryan Ogawa at Work once said:
> > How can I get this (or any) shell script to run SUID root??
> >
> > Thanks
> >
> > Andy
>
> As many people will tell you, you can't run shell scripts by setting the
> SUID bits. It's considered insecure (as SUID shell scripts can be used to
> run arbitrary programs as their owners). It's disabled in the kernel
> somewhere.
Bloody good thing, too. :) Setuid scripts are just begging for
someone to come along and abuse them.
> 1. Write a wrapper program in C. I'm no expert on this, but it can be
> done.
At the very simplest:
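#include <unistd.h>   /* execl() is declared here, not in <stdlib.h> */

int main(void) {
    /* argv[0] must be supplied; the list ends with a (char *)NULL sentinel */
    execl("/your/path/to/program", "program", (char *)NULL);
    return 1;   /* reached only if execl() failed */
}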
this doesn't check for success, of course, but it does the job.
> I'm not wholly familiar with that, though (there's a perl script which
> will write wrappers I've seen, but it doesn't seem to have the environment
> variables set right).
Perl makes the setuid stuff quite easy through setuid perl. Just be
sure to sanitize the environment.
-Dave Andersen
--
angio@aros.net Complete virtual hosting and business-oriented
system administration Internet services. (WWW, FTP, email)
http://www.aros.net/ http://www.aros.net/about/virtual
"There are only two industries that refer to their customers as 'users'."
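
Added example, not part of the original message and not the poster's code: a wrapper along the lines discussed above that also checks for exec failure and sanitizes the environment before running the target. The allow-list (TERM, TZ, LANG), the fixed PATH value and the names build_clean_env, allowed, keep and MAX_ENV are assumptions made for illustration; TARGET is the placeholder path from the message.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define TARGET "/your/path/to/program"   /* placeholder path from the message */
#define MAX_ENV 8

/* Variables passed through unchanged (an assumed allow-list; adjust per script). */
static const char *const keep[] = { "TERM", "TZ", "LANG" };

/* Return 1 if entry is "NAME=value" for an allow-listed NAME. */
static int allowed(const char *entry) {
    size_t i, n;
    for (i = 0; i < sizeof keep / sizeof keep[0]; i++) {
        n = strlen(keep[i]);
        if (strncmp(entry, keep[i], n) == 0 && entry[n] == '=')
            return 1;
    }
    return 0;
}

/* Build a minimal environment in out[] (capacity MAX_ENV): fixed PATH and IFS,
 * plus allow-listed entries from in[]. Caller-supplied PATH, IFS, LD_*, ENV
 * and everything else are dropped. Returns the number of entries written. */
int build_clean_env(char *const in[], char *out[]) {
    int n = 0;
    size_t i;
    out[n++] = "PATH=/bin:/usr/bin";
    out[n++] = "IFS= \t\n";
    for (i = 0; in != NULL && in[i] != NULL && n < MAX_ENV - 1; i++)
        if (allowed(in[i]))
            out[n++] = in[i];
    out[n] = NULL;
    return n;
}

int main(int argc, char *argv[], char *envp[]) {
    char *clean[MAX_ENV];
    char *args[] = { TARGET, NULL };   /* caller's arguments are not forwarded */
    (void)argc; (void)argv;
    build_clean_env(envp, clean);
    execve(TARGET, args, clean);
    perror("execve");                  /* only reached when the exec failed */
    return 127;
}
```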
