per...@pluto.rain.com wrote:
RW rwmailli...@googlemail.com wrote:
On Sat, 29 Aug 2009 00:06:29 -0700
per...@pluto.rain.com wrote:
Actually, absent some careful cooperation between the
kernel and the interpreter to prevent a race condition ...
isn't that the same issue that Matthew Seaman was
Matthew Seaman m.sea...@infracaninophile.co.uk wrote:
It would do no good for the kernel to hand the interpreter an
open descriptor if the interpreter did not somehow know to read
the script from that open descriptor instead of opening the
script file by name.
Errr -- no. That's what
Michael David Crawford m...@prgmr.com wrote:
It's not that setuid shell scripts are really more
inherently insecure than programs written in C.
Actually, absent some careful cooperation between the kernel
and the interpreter to prevent a race condition that can cause
the interpreter to run
per...@pluto.rain.com wrote:
Actually, absent some careful cooperation between the kernel
and the interpreter to prevent a race condition that can cause
the interpreter to run (with elevated permissions) a completely
different script than the one that was marked setuid, setuid
scripts _are_
On Sat, 29 Aug 2009 00:17:24 -0700, Michael David Crawford m...@prgmr.com
wrote:
I came across a page that explained all the different ways setuid
scripts could screw up - one would have to be a rocket scientist to
avoid all the potential pitfalls.
Hi Michael,
It would be a very useful
On Sat, 29 Aug 2009 00:06:29 -0700
per...@pluto.rain.com wrote:
Michael David Crawford m...@prgmr.com wrote:
It's not that setuid shell scripts are really more
inherently insecure than programs written in C.
Actually, absent some careful cooperation between the kernel
and the interpreter
On Fri, Aug 28, 2009 at 08:10:59PM -0600, Tim Judd wrote:
On 8/28/09, RW rwmailli...@googlemail.com wrote:
On Fri, 28 Aug 2009 11:54:19 +0300
Giorgos Keramidas keram...@ceid.upatras.gr wrote:
On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo
jeronimocal...@googlemail.com wrote:
RW wrote:
On Sat, 29 Aug 2009 00:06:29 -0700
per...@pluto.rain.com wrote:
Michael David Crawford m...@prgmr.com wrote:
It's not that setuid shell scripts are really more
inherently insecure than programs written in C.
Actually, absent some careful cooperation between the kernel
and the
Perhaps a better idea than a setuid shell script, would be to figure out
just what it is about your script that really needs to be executed as root.
When write a C program that can do just that one thing - and absolutely
nothing else.
If it takes any kind of input, or command line
RW rwmailli...@googlemail.com wrote:
On Sat, 29 Aug 2009 00:06:29 -0700
per...@pluto.rain.com wrote:
Actually, absent some careful cooperation between the
kernel and the interpreter to prevent a race condition ...
isn't that the same issue that Matthew Seaman was saying
was fixed years
Hi folks!
Im trying to set up a reaaallly basic scrip to allow one user to shutdown my
machine without root permisions, seting up SUID as follows:
-rwsrwxr-- 1 root wheel 38 Aug 27 23:12 apagar.sh
$ ./apagar.sh
Permission denied
content of script:
cat apagar.sh
]#!/usr/local/bin/bash
On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo
jeronimocal...@googlemail.com wrote:
Hi folks!
Im trying to set up a reaaallly basic scrip to allow one user to shutdown my
machine without root permisions, seting up SUID as follows:
-rwsrwxr-- 1 root wheel 38 Aug 27 23:12 apagar.sh
$
Aham!
so SUID can be applied to sh but it doesn't work!, there is not anyway to
apply it? apart from installing sudo?, The thing is that installing sudo and
adding that user into sudoers, that user will be capable to do any other SU
tasks, apart of shutting down... wich i dont like :D (I know
On Friday 28 August 2009 10:54:19 Giorgos Keramidas wrote:
On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo
jeronimocal...@googlemail.com wrote:
Hi folks!
Im trying to set up a reaaallly basic scrip to allow one user to shutdown
my machine without root permisions, seting up SUID as
On Fri, Aug 28, 2009 at 10:01:54AM +0100, Jeronimo Calvo wrote:
2009/8/28 Giorgos Keramidas keram...@ceid.upatras.gr
On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo
jeronimocal...@googlemail.com wrote:
Im trying to set up a reaaallly basic scrip to allow one user to
shutdown my
On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo
jeronimocal...@googlemail.com wrote:
content of script:
]#!/usr/local/bin/bash
^
This ] doesn't belong to the script, does it?
Furthermore, why do you employ bash for calling another program?
It's standard to use sh (#!/bin/sh) if you don't
On Fri, 28 Aug 2009 11:54:19 +0300
Giorgos Keramidas keram...@ceid.upatras.gr wrote:
On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo
jeronimocal...@googlemail.com wrote:
As far as i know, using SUID, script must runs with root
permissions... so i shoudnt get Permission denied, what im
On 8/28/09, RW rwmailli...@googlemail.com wrote:
On Fri, 28 Aug 2009 11:54:19 +0300
Giorgos Keramidas keram...@ceid.upatras.gr wrote:
On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo
jeronimocal...@googlemail.com wrote:
As far as i know, using SUID, script must runs with root
On Fri, 28 Aug 2009 20:10:59 -0600, Tim Judd taj...@gmail.com wrote:
Dunno, but this dawns on me..
what defines a script? I've always defined a script that starts with
a #! shebang.
So the script can be SUID, but the interpreter/shell isn't. Is that
why it doesn't work?
What is the
On Sat, 29 Aug 2009 02:24:31 +0100, RW rwmailli...@googlemail.com wrote:
On Fri, 28 Aug 2009 11:54:19 +0300 Giorgos Keramidas
keram...@ceid.upatras.gr wrote:
On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo
jeronimocal...@googlemail.com wrote:
As far as i know, using SUID, script must runs
RW wrote:
So are scripts actually incapable of running setuid?
They aren't on Linux. I learned about that a while back when I
investigated setuid scripts for a coworker.
It's not that setuid shell scripts are really more inherently insecure
than programs written in C. The problem is more
21 matches
Mail list logo