Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Setuid programs run from shell scripts?

From: mcn () c3serve c3 lanl gov (Michael Neuman)
Date: Mon, 14 Nov 1994 11:12:32 -0700 (MST)

This is a nice security feature, but is it a bug?

$ cat suid.c
#include <stdio.h>
main() { printf("euid==%d ruid==%d\n",geteuid(), getuid()); }
$ ls -l suid
-rwsr-xr-x  1 root        24576 Nov  8 13:27 suid*
$ suid
euid==0 ruid==100
$ cat testscript2
#!/path_to_suid/suid
foo
$ testscript2
euid==100 ruid==100
------

Shouldn't suid run as root under the "script"?
 
(This is on SunOS 4.1.3_U1B)
-Mike
Previous By Date Next
Previous By Thread Next

Current thread: