Date: Mon, 24 Feb 1997 07:44:23 -0700
From: Warner Losh <imp@village.org>
To: Adrian Chadd <adrian@obiwan.aceonline.com.au>
Cc: Jake Hamby <jehamby@lightside.com>, hackers@freebsd.org, auditors@freebsd.org
Subject: Re: disallow setuid root shells?
Message-ID: <E0vz1df-0004dM-00@rover.village.org>
In-Reply-To: Your message of "Mon, 08 Jan 1996 04:35:15 +0800." <Pine.BSF.3.95q.960108043026.5974A-100000@obiwan.aceonline.com.au>
References: <Pine.BSF.3.95q.960108043026.5974A-100000@obiwan.aceonline.com.au>
In message <Pine.BSF.3.95q.960108043026.5974A-100000@obiwan.aceonline.com.au> Adrian Chadd writes:
: Since I'm reviewing /bin/sh and /bin/csh, it might make an interesting
: addition. Anyone see any use for +s'ed shells ? Anything it can do, sudo
: can do (and sudo AFAIK is much smaller, so less code to screw around
: with), and I think it's a good idea.
:
: Suggestions ?

That might not be a bad idea. However, it is fairly easy to work around: if I can make a /bin/sh setuid, I can make anything I want setuid and then do a setuid(0); exec /bin/sh (or /bin/csh). It would help firewall some things, but it wouldn't solve the problem.

sudo isn't a shell. It doesn't run scripts or read commands from anything but the command line.

Warner
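
The reply's point is that a setuid check inside the shell only covers shells, so an audit has to cover every set-user-ID root file. The script below is an added example, not part of the original message or of FreeBSD; the function name `audit_setuid`, the one-path-per-line allowlist format and the list of shell names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: report set-user-ID files that are not on an allowlist.
# A finding named like a shell is tagged SHELL, everything else OTHER,
# so the report shows what a shell-only restriction would leave behind.

# audit_setuid DIR ALLOWLIST [OWNER]
#   DIR        tree to scan (stays on one filesystem)
#   ALLOWLIST  file with one approved absolute path per line
#   OWNER      user name or numeric uid to match (default: root)
# Prints one "SHELL <path>" or "OTHER <path>" line per finding, sorted.
# Returns 0 when there are no findings, 1 otherwise.
# Limitation: paths containing newlines are not handled.
audit_setuid() {
    dir=$1 allow=$2 owner=${3:-root}
    found=0
    # -perm -4000 matches regular files with the set-user-ID bit set.
    find "$dir" -xdev -type f -user "$owner" -perm -4000 -print 2>/dev/null |
    sort |
    {
        while IFS= read -r path; do
            # Exact, whole-line match against the allowlist.
            grep -Fxq -- "$path" "$allow" && continue
            case ${path##*/} in
                sh|csh|tcsh|ksh|bash|zsh) echo "SHELL $path" ;;
                *)                        echo "OTHER $path" ;;
            esac
            found=1
        done
        # Exit status of the pipeline, and so of the function.
        [ "$found" -eq 0 ]
    }
}

# Stand-alone use: sh audit.sh /usr /etc/setuid.allow
if [ "$#" -ge 2 ]; then
    audit_setuid "$@"
fi
```

Any `OTHER` line is a file that a setuid check built into /bin/sh or /bin/csh would never see, so it needs the same review as a `SHELL` line.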