On Tue, Jun 06, 2000 at 01:32:10AM +0000, Jim Breton wrote:
> Simple question: are suid/sgid shell scripts allowed in Linux?

no, the kernel ignores s[ug]id bits on scripts.

> I thought they were, but after I tried writing one and running it, it
> appears that they are not.

yup

> Is the elevated privilege dropped back to normal by bash, or by the
> kernel itself?

kernel, it never grants elevated privileges.

> (I am aware of the security issues, I just want to know the answer to
> this).

the security issues are twofold. first, there is a race condition between when the kernel reads the interpreter line and when it execs /bin/sh (or whatever) to run the script; it could be replaced by then... (this is solvable by using /dev/fd or something) but there are also endless games users can play to trick the script into doing evil things.

a better option is perl+suidperl or a C program. perl at least provides a way to write secure suid scripts.

--
Ethan Benson
http://www.alaska.net/~erbenson/