-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > > > > did I miss something? > > Yes. Scripts can't utilize setuid/setgid. > > You can rewrite the script in perl and use the setuid perl interpreter > (which is basically a workaround for this) or install sudo and give the > script the ability to call sudo before executing commands that require > elevated priviledges.
or even better write this in C, or at least do wrapper in C that will make sure no "tricks" are in environment variables etc. it's quite difficult to write setuid scripts without security holes -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQFBEVKCVbTJCKecqu0RAguzAJ9M+MoEItfK84EpSFi/v+OBWbnQ9wCfQLe1 J87ReX6DCOhasKkqoyRTVCc= =Lj+2 -----END PGP SIGNATURE----- _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
