*BSD News Article 8640


Return to BSD News archive

Path: sserve!manuel.anu.edu.au!munnari.oz.au!spool.mu.edu!olivea!uunet!mcsun!Germany.EU.net!tools!ws
From: ws@tools.de (Wolfgang Solfrank)
Newsgroups: comp.unix.bsd
Subject: Re: [386bsd] Fix for kern_execve to allow suid/sgid shellscipts
Message-ID: <WS.92Dec8150947@kurt.tools.de>
Date: 8 Dec 92 23:09:47 GMT
References: <4165@wzv.win.tue.nl> <veit.723491073@du9ds3> <19694@ksr.com>
	<4171@wzv.win.tue.nl>
Organization: TooLs GmbH, Bonn, Germany
Lines: 11
NNTP-Posting-Host: kurt.tools.de
In-reply-to: guido@gvr.win.tue.nl's message of 6 Dec 92 18:09:25 GMT

In article <4171@wzv.win.tue.nl> guido@gvr.win.tue.nl (Guido van Rooij) writes:
   So if you add this code to the kernel, make sure thatb when you
   make a suid/guid shell script, you use it only for yourself and
   mask away all group/world permissions. NEVER use it for general purpose
   /usr/bin applications.

Why should I need a script (or any other executable) with permission
rws------? If noone but the owner can execute the script, when he runs
it he does have the requested uid anyway :-).
--
ws@tools.de     (Wolfgang Solfrank, TooLs GmbH) +49-228-985800