Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!nntp.coast.net!news.kei.com!newsfeed.internetmci.com!in1.uu.net!zib-berlin.de!news.tu-chemnitz.de!irz401!uriah.heep!news From: j@uriah.heep.sax.de (J Wunsch) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: execve() ignores shell script setuid bit Date: 20 Jan 1996 20:33:43 GMT Organization: Private BSD site, Dresden Lines: 18 Message-ID: <4drjj7$1lh@uriah.heep.sax.de> References: <30FEC809.167EB0E7@lasorda.princeton.edu> Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) NNTP-Posting-Host: localhost.heep.sax.de Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Newsreader: knews 0.9.3 Luoqi Chen <luoqi@lasorda.princeton.edu> writes: > Today I noticed > that setuid shell script doesn't run with effective uid set. [...] > Is this a bug or a feature (or simply I misread > the source code)? A feature. Scripts get their set[gu]id bits ignored for security reasons. If you want to run set[gu]id scripts, write them in Perl (which has provisions of its own to make this more secure). -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)