The set-user-ID-on-execution

Wojciech Puchar wojtek at tensor.3miasto.net
Wed Aug 4 14:17:56 PDT 2004


> >
> > did I miss something?
>
> Yes.  Scripts can't utilize setuid/setgid.
>
> You can rewrite the script in perl and use the setuid perl interpreter
> (which is basically a workaround for this) or install sudo and give the
> script the ability to call sudo before executing commands that require
> elevated privileges.


Or even better, write this in C, or at least write a wrapper in C that will
make sure no "tricks" are in environment variables etc. It's quite difficult
to write setuid scripts without security holes.
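
A C wrapper of the kind suggested in the reply above, as an added example that is not part of the original message: it throws away the caller's environment, sets a fixed PATH, passes through only validated allowlisted variables, and runs one fixed script without forwarding arguments. The script path, the allowlist and the helper names `value_ok` and `build_clean_env` are assumptions made for this example.

```c
/* Added example: setuid wrapper that scrubs the environment before exec. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SCRIPT "/usr/local/libexec/task.sh"  /* hypothetical path, fixed at build time */
#define MAX_ENV 8
extern char **environ;

/* Variables allowed through from the caller; everything else is dropped. */
static const char *const allowed[] = { "TERM=", "LANG=" };

/* Accept only short values made of harmless characters. */
static int value_ok(const char *v)
{
    size_t n = strlen(v);
    if (n == 0 || n > 64)
        return 0;
    return strspn(v, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
                     "0123456789_.-+") == n;
}

/* Fill out[] (NULL-terminated) with a fixed PATH plus validated allowlisted
 * variables; returns the number of entries. max must be at least 2. */
static size_t build_clean_env(char *const envp[], char *out[], size_t max)
{
    size_t n = 0;
    out[n++] = "PATH=/bin:/usr/bin";         /* never inherit the caller's PATH */
    for (size_t k = 0; k < sizeof allowed / sizeof allowed[0]; k++) {
        size_t len = strlen(allowed[k]);
        for (size_t i = 0; envp && envp[i]; i++) {
            if (strncmp(envp[i], allowed[k], len) != 0) continue;
            if (value_ok(envp[i] + len) && n + 1 < max)
                out[n++] = envp[i];
            break;                           /* only the first occurrence counts */
        }
    }
    out[n] = NULL;
    return n;
}

int main(void)
{
    char *clean[MAX_ENV];
    char *args[] = { "sh", SCRIPT, NULL };   /* caller's arguments are not forwarded */
    build_clean_env(environ, clean, MAX_ENV);
    execve("/bin/sh", args, clean);
    perror("execve");                        /* reached only if execve failed */
    return 127;
}
```

The wrapper binary, not the script, carries the set-user-ID bit, and the script itself should be writable only by its owner.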



More information about the freebsd-questions mailing list