Re: Re[6]: [expert] Problems with SUID and/or SGID for programs.

[Sergio Mart�n Turiel (ADP)]

I have lock the problem, in Red Hat 6.2 the bash shell is 1.14.7(1) and in
Linux Mandrake 7.0 is 2.03.19(1)-release, one is BASH1 and the other is
BASH2, in the NOTES file with bash rpm packet said that the way to fix
problems SUID when execute throught '/bin/sh' (link to /bin/bash),
but if i use thes patch allow to any user script (i don't want this), in LM7
has BASH1 rpm packet, this packet is the same like RH6.2, other solution
(relay it isn't a solution) is to recompile the bash shell with the patch
installed (i don't do it).

At this point i can continue with the idea of install LM8 (i probed this in
LM8 too with the same results).

With this mail i send you the sample that i used to check the problem, with
a little program with the outputs in RH6.2 and LM7.

Best regards and thanks for all to everybody that help me with this problem.

----- Original Message -----
From: "Rusty Carruth" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, August 09, 2001 8:31 PM
Subject: Re[6]: [expert] Problems with SUID and/or SGID for programs.


"Sergio Mart�n Turiel (ADP)" <[EMAIL PROTECTED]> wrote:
> The security level is 3 in LM7 and LM8, instaled not updated.
>
> ----- Original Message -----
> ...
> "Sergio Mart�n Turiel \(ADP\)" <[EMAIL PROTECTED]> wrote:
> > -rwsr-xr-x    1 holanda  developm  2195178 Aug  9 19:29 Container
>
> well, Ok, you convinced me - I guess its a Mandrake thing.


So, now I return the query to the list:

is this a known mandrake thing for security level 3?

if so, what security level does one set to get suid
PROGRAMS (note! not scripts!  You don't want suid scripts!)
to work.

Where is the doc on security level vs what it does?

(Sergio - if 'Container' is a SCRIPT and not a compiled program,
then suid won't work and you really don't want to 'fix'
that behaviour!)

RC

sergio.tar