On Tue, 27 May 2003 22:46:25 -0700
David Aikema <[EMAIL PROTECTED]> wrote:

> I suppose that a lot of the stuff that you might need to resort to 
> various programs like awk for in a script, in a compiled program you 
> would be calling instead various library functions.  Upon building of 
> the application you link it with the library eliminating some of the 
> security risk and the need for calling everything by the full pathname 
> in your code.
> 
> That said, if you're careful about it, I don't see a big problem with 
> using scripts if you're extremely careful about it, as you should be 
> with anything of this nature.
> 
> The issue that I've run into is my script needs to in turn execute 
> another script, which I'm not supposed to be changing, to complete the 
> task.  IIRC the script in question was written in tcsh and takes the 
> same action that I witnessed in bash when an attempt is made to run it 
> SUID.
> 
> David Aikema

I don't see that many security risks, if the script wasn't a script.  The
script, by definition, uses a binary interpreter.  As far as the OS is
concerned, that interpreter (the first line of the script has #!/bin/bash or
#!/usr/bin/perl etc....) would have to be SUID, not the script itself.  It
would be nice if SUID would work on scripts, but the mechanisms to do so
would be more difficult than the value.  If you want something SUID, you must
use C or some other non-interpreted/VM'ed language.
_______________________________________________
Linux-users mailing list
[EMAIL PROTECTED]
Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
