Bugtraq: Re: Setuid programs run from shell scripts?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Setuid programs run from shell scripts?

From: Quentin.Fennessy () SEMATECH Org (Quentin Fennessy)
Date: Tue, 15 Nov 1994 13:42:54 -0600

text deleted...
(Not to get into the set-UID shell-script argument again. ;-)
Clearly, the set-UID bit on one or the other must take precedence.
Someone, somewhere decided that it would be the set-UID bit on the
script.  This was maybe the wrong decision, but it's the one we're
stuck with, for the moment at least.
-----


Fred-
    A shell script runs under the uid of the account executing it.
I don't think there is any way for a script or any other subprocess
to know whether it is being executed by any given account or by
an account using a setuid program.  So the script suid has to take
preference.  Unless you ignore suid on scripts altogether.

Quentin

By Date By Thread

Current thread:

Re: just bitten by the babbling talk's, (continued)
- Re: just bitten by the babbling talk's Steinar Haug (Nov 09)
- /dev/ttyd crashes SunOS? Dave Horsfall (Nov 10)
  - Re: /dev/ttyd crashes SunOS? Dave Horsfall (Nov 14)
  - Setuid programs run from shell scripts? Michael Neuman (Nov 14)
    - Re: Setuid programs run from shell scripts? Fred Blonder (Nov 15)
    - Re: Setuid programs run from shell scripts? Quentin Fennessy (Nov 15)
    - Re: Setuid programs run from shell scripts? Karl Strickland (Nov 16)
    - Re: Setuid programs run from shell scripts? Julian Assange (Nov 17)
    - Re: Setuid programs run from shell scripts? Justin J. Lister (Nov 18)
    - archives Matthew Harding (Nov 25)
    - archives of this list Matthew Harding (Nov 25)