On 03-Dec-98, Joey Hess took up his electrons to write:
> Brandon Mitchell wrote:
>> Dang, looks like you are right Joey, at least I can't get a counter
>> example working. I have been forced to write csh scripts on linux that
>> are run by suid programs because bash will drop its privileges to the
>> real user id. So, at least in some aspects, bash is worse than others.
>> Any idea why the kernel does this (if it really does, I'm still not sure
>> of it)?
>
> Because shell scripts are supposedly very often full of security holes when
> suid.

As far as I know it's not a problem of bugs or anything. It's a general
problem. What I have understood (I'm not an expert):

the executable (bash, whatever) opens the file
it closes it
it changes uid/gid to reflect suid status -> so it becomes root or whatever
it reopens it and executes it

problem: you can change the content of the file between the two !!
so you can have your script, running as root, executing whatever you want !!

I heard that some Unix systems (Solaris I think but not sure) provide a way
to overcome this by feeding the script to the executable through /dev/3 or
something like it (like a new STDIN)

Patrick

/\//\/\/\\/\/\//\/\\/\/\\/\\/\//\/\\/\//\/\\/\//\/\\/\//\/\\
Patrick M. [EMAIL PROTECTED] http://www.patoche.org/
Sysadmin of patoche.org, globenet.org, bde.espci.fr
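
The open/close/reopen window described in this message, as an added example that is not part of the original thread. It uses ordinary temporary files (no setuid program involved; the function name, file names and contents are constructed) to show that a second open by name can return a different file than the one first checked, while the already-open descriptor cannot, which is why handing the interpreter the descriptor itself (exposed as /dev/fd/N on systems that provide it) closes the window.

```c
/* Added example, not from the thread. File names and contents are constructed. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static int put(const char *path, const char *text) {   /* create a small file */
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

static int slurp(int fd, char *buf, size_t cap) {       /* read a fresh descriptor */
    ssize_t n = read(fd, buf, cap - 1);
    if (n < 0) return -1;
    buf[n] = '\0';
    return 0;
}

/* Check (open + fstat), let the name be re-pointed, then use.
 * by_fd gets what the descriptor from the first open yields,
 * by_path what a second open() of the same name yields.
 * Returns 1 if the name no longer refers to the checked file, 0 if it does, -1 on error. */
int check_then_use(const char *dir, char *by_fd, char *by_path, size_t cap) {
    char script[512], other[512];
    struct stat checked, now;
    snprintf(script, sizeof script, "%s/demo-%ld-script.sh", dir, (long)getpid());
    snprintf(other, sizeof other, "%s/demo-%ld-other.sh", dir, (long)getpid());
    if (put(script, "echo checked\n") || put(other, "echo replaced\n")) return -1;
    int fd = open(script, O_RDONLY);            /* first open: checks happen on this file */
    if (fd < 0 || fstat(fd, &checked)) return -1;
    if (rename(other, script)) return -1;       /* name re-pointed inside the window */
    int fd2 = open(script, O_RDONLY);           /* second open, by name */
    if (fd2 < 0 || fstat(fd2, &now)) return -1;
    int rc = slurp(fd, by_fd, cap) | slurp(fd2, by_path, cap);
    close(fd); close(fd2); unlink(script);
    if (rc) return -1;
    return checked.st_dev != now.st_dev || checked.st_ino != now.st_ino;
}

int main(void) {
    char a[64] = "", b[64] = "";
    int swapped = check_then_use("/tmp", a, b, sizeof a);
    printf("name re-pointed: %d\nvia fd:   %svia path: %s", swapped, a, b);
    return swapped == 1 ? 0 : 1;
}
```

Comparing `st_dev` and `st_ino` from `fstat()` on the descriptor against the file reached by name is also how a program can detect that a path was replaced after it was checked.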