Bugtraq mailing list archives

Re: Setuid programs run from shell scripts?

From: Quentin.Fennessy () SEMATECH Org (Quentin Fennessy)
Date: Tue, 15 Nov 1994 13:42:54 -0600

text deleted...
(Not to get into the set-UID shell-script argument again. ;-)
Clearly, the set-UID bit on one or the other must take precedence.
Someone, somewhere decided that it would be the set-UID bit on the
script.  This was maybe the wrong decision, but it's the one we're
stuck with, for the moment at least.
-----


Fred-
    A shell script runs under the uid of the account executing it.
I don't think there is any way for a script or any other subprocess
to know whether it is being executed by any given account or by
an account using a setuid program.  So the script suid has to take
preference.  Unless you ignore suid on scripts altogether.

Quentin

Current thread:

just bitten by the babbling talk's Eric Berggren (Nov 08)
- Re: just bitten by the babbling talk's Steinar Haug (Nov 09)
- /dev/ttyd crashes SunOS? Dave Horsfall (Nov 10)
  - Re: /dev/ttyd crashes SunOS? Dave Horsfall (Nov 14)
  - Setuid programs run from shell scripts? Michael Neuman (Nov 14)
    - Re: Setuid programs run from shell scripts? Fred Blonder (Nov 15)
    - Re: Setuid programs run from shell scripts? Quentin Fennessy (Nov 15)
    - Re: Setuid programs run from shell scripts? Karl Strickland (Nov 16)
    - Re: Setuid programs run from shell scripts? Julian Assange (Nov 17)
    - Re: Setuid programs run from shell scripts? Justin J. Lister (Nov 18)
    - archives Matthew Harding (Nov 25)
    - archives of this list Matthew Harding (Nov 25)
  - Raw Socket Bug: details & patch. Darren Reed (Nov 15)