Mike Marion wrote:
> Quoting "James G. Sack (jim)" <[EMAIL PROTECTED]>:
>
>> sudo ./whoami.pl
>
> Doesn't using sudo in that last step kinda negate the whole point? :)

It is getting complicated, isn't it. If script suid worked, then the script
would report euid = script-owner no matter who the user is. Running via sudo
reports euid=0, demoing that sgid didn't work .. which _is_ the point! :-)

> BTW, the lack of setuid shell scripts led me to write a binary wrapper
> a while back at work. Probably the most in-depth C code I've done since
> school (not saying much.. 141 lines of code). But I put in my own
> semi-security bits:
> 1. You have to have a specific primary gid (so, in theory, only
>    sysadmins can run it)
> 2. You can only give 1 arg: name of script to run as root
> 3. Script named in 2 must be in a specific path, owned and setuid root
>    too (path in AFS so it adds security through AFS acls). This is where
>    most of the real security comes in.
> 4. Everything syslogs

Nice outline of your security considerations. I have seen a statement that
getting security right in scripts is hard, which is one reason not to allow
suid scripts. I'm inclined to agree.

Don't tell, but wuncaponatime, I wrote a suid "rootdo" program just to call
scripts -- but I didn't put _any_ security in. Shushhh.

> ..

Regards,
..jim
-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
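For readers who want to see what Mike's four rules look like in code, here is
an added example of such a setuid-root wrapper. It is not Mike's 141-line
program and not from the list; SCRIPT_DIR, ADMIN_GID and the "rootdo" name
are assumptions chosen for illustration. Beyond the four rules it does the two
things a setuid wrapper that execs a script has to get right: it fstat()s the
inode it actually opened rather than stat()ing the name twice, and it calls
setuid(0) before execve() with a clean environment, because bash drops an
effective uid that differs from the real one unless it is started with -p.

```c
/* Added example, not Mike's wrapper: a minimal setuid-root "rootdo" in C
 * that follows his four rules. SCRIPT_DIR and ADMIN_GID are assumed values. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <syslog.h>
#include <unistd.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

#define SCRIPT_DIR "/usr/local/lib/rootdo"   /* assumed: root-owned, mode 0755 */
#define ADMIN_GID  ((gid_t)500)              /* assumed: sysadmins' primary gid */

/* Rule 1: the caller's *real* primary gid must be the admin group.
 * getgid(), not getegid(): under setuid-root the effective ids are root's. */
int caller_gid_ok(gid_t real_gid)
{
    return real_gid == ADMIN_GID;
}

/* Rule 2: the single argument is a bare file name. No '/', so it cannot
 * escape SCRIPT_DIR; no leading '.', so ".", ".." and dotfiles are out;
 * a short character whitelist so nothing odd reaches syslog or a shell. */
int script_name_ok(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len > 64 || name[0] == '.')
        return 0;
    for (size_t i = 0; i < len; i++) {
        char c = name[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '_' || c == '-' || c == '.';
        if (!ok)
            return 0;
    }
    return 1;
}

/* Rule 3: the target must be a regular file, owned by root, marked setuid
 * (Mike's marker; the kernel ignores the bit on scripts anyway) and not
 * writable by group or others. Takes a stat buffer so the policy can be
 * checked without touching the filesystem. */
int script_stat_ok(const struct stat *st)
{
    if (!S_ISREG(st->st_mode))             return 0;
    if (st->st_uid != 0)                   return 0;
    if (!(st->st_mode & S_ISUID))          return 0;
    if (st->st_mode & (S_IWGRP | S_IWOTH)) return 0;
    return 1;
}

/* SCRIPT_DIR "/" name, refusing to truncate. 0 on success, -1 otherwise. */
int build_script_path(char *buf, size_t buflen, const char *name)
{
    int n = snprintf(buf, buflen, "%s/%s", SCRIPT_DIR, name);
    return (n < 0 || (size_t)n >= buflen) ? -1 : 0;
}

int main(int argc, char *argv[])
{
    char path[PATH_MAX];
    struct stat st;
    int fd;

    openlog("rootdo", LOG_PID, LOG_AUTHPRIV);   /* Rule 4: everything syslogs */

    if (argc != 2 || !script_name_ok(argv[1])) {
        syslog(LOG_WARNING, "uid %u: rejected arguments", (unsigned)getuid());
        fprintf(stderr, "usage: rootdo SCRIPTNAME\n");
        return 1;
    }
    if (!caller_gid_ok(getgid())) {
        syslog(LOG_WARNING, "uid %u gid %u: not in admin group",
               (unsigned)getuid(), (unsigned)getgid());
        return 1;
    }
    if (build_script_path(path, sizeof path, argv[1]) != 0)
        return 1;

    /* Check the inode we opened, not a second lookup of the name. execve()
     * still goes by path, so the remaining race belongs to whoever can write
     * SCRIPT_DIR: keep that directory root-owned and not group/world-writable. */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0 || fstat(fd, &st) != 0 || !script_stat_ok(&st)) {
        syslog(LOG_WARNING, "uid %u: %s failed policy check", (unsigned)getuid(), path);
        return 1;
    }
    syslog(LOG_INFO, "uid %u running %s as root", (unsigned)getuid(), path);

    /* Make the real uid root as well, then exec with a clean environment so
     * the caller's IFS, PATH and LD_* cannot reach the script. */
    if (setuid(0) != 0) {
        syslog(LOG_ERR, "setuid(0) failed");
        return 1;
    }
    char *const script_argv[] = { path, NULL };
    char *const clean_env[]   = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    execve(path, script_argv, clean_env);
    syslog(LOG_ERR, "execve %s failed", path);
    return 1;
}
```

Installed as root:root mode 4750 with group set to the admin group, the
binary stays invisible to everyone else as well. Note that "specific primary
gid" is a weaker gate than sudo's per-user, per-command rules; the real
control, as Mike says, is who can write to SCRIPT_DIR.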
