Bugtraq mailing list archives
Re: Setuid programs run from shell scripts?
From: fred () nasirc hq nasa gov (Fred Blonder)
Date: Tue, 15 Nov 1994 10:30:14 -0500
From: Michael Neuman <mcn () c3serve c3 lanl gov> This is a nice security feature, but is it a bug? <example deleted> Shouldn't suid run as root under the "script"? (Not to get into the set-UID shell-script argument again. ;-) How would you handle the situation where the script itself and the interpreter are BOTH set-UID? They're both integers. We can ADD them. No wait! We'll AVERAGE them. Clearly, the set-UID bit on one or the other must take precedence. Someone, somewhere decided that it would be the set-UID bit on the script. This was maybe the wrong decision, but it's the one we're stuck with, for the moment at least. ----- Fred Blonder fred () nasirc hq nasa gov Hughes STX Corp. (301) 441-4079 7701 Greenbelt Rd. Greenbelt, Md. 20770
Current thread:
- just bitten by the babbling talk's Eric Berggren (Nov 08)
- Re: just bitten by the babbling talk's Steinar Haug (Nov 09)
- /dev/ttyd crashes SunOS? Dave Horsfall (Nov 10)
- Re: /dev/ttyd crashes SunOS? Dave Horsfall (Nov 14)
- Setuid programs run from shell scripts? Michael Neuman (Nov 14)
- Re: Setuid programs run from shell scripts? Fred Blonder (Nov 15)
- Re: Setuid programs run from shell scripts? Quentin Fennessy (Nov 15)
- Re: Setuid programs run from shell scripts? Karl Strickland (Nov 16)
- Re: Setuid programs run from shell scripts? Julian Assange (Nov 17)
- Re: Setuid programs run from shell scripts? Justin J. Lister (Nov 18)
- archives Matthew Harding (Nov 25)
- archives of this list Matthew Harding (Nov 25)