On Thu, Apr 23, 2009 at 08:56:45AM +0300, Erez D wrote: > i have a bush script i want to be run with root permisions, no matter > which user executes it. > > if it was a binary, i would only need set it suid root. > > but as it is a bash script, suid-ing it doesn't do anything, and suid-ing > /bin/bash itself will make all scripts run suid root, which is surly not > what i want.
There's a reason why the kernel does not respect suid/sgid bit on shell scripts -- It's because there are gazillions of ways a user can use this script to gain total root access. > there must be a solution for that. Yes. Writing secure applications in a secure way. Maybe writing a wrapper suid program that totally sanitize both the environment and command line arguments before exec'ing the script would make it. Although I wouldn't bet on it since it only covers the obvious attack vectors against shell scripts. On 23.04.2009 Yedidyah Bar-David wrote: > 'sudo' is what you want. Why bother? It's easier to simply give those users the root password as the result would be the same anyway. -- Oron Peled Voice: +972-4-8228492 o...@actcom.co.il http://www.actcom.co.il/~oron Linux lasts longer! -- "Kim J. Brand" <k...@kimbrand.com> _______________________________________________ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
