Date: Sat, 7 Apr 2001 05:27:24 -0500 From: Mike Meyer <mwm@mired.org> To: "Mick Gallagher" <mickg@mickg.org> Cc: questions@freebsd.org Subject: Re: set-user-id question Message-ID: <15054.60300.671173.605392@guru.mired.org> In-Reply-To: <9164700@toto.iv>
next in thread | previous in thread | raw e-mail | index | archive | help
Mick Gallagher <mickg@mickg.org> types: > Hi All, > > Say I have a shell script, called egscript, say, and the content of the > script is 'touch testfile'. > > Now if I run the script (all the execute permissions are set), then lo and > behold, I find the file 'testfile' in the local directory. > > If I set the suid permissions, and someone else runs the file, no 'testfile' > appears. > > Why is this the case? Does suid only work on binaries? What prevents others > from running this script with my permissions? The code sure looks like it doesn't. Some systems do, and it's a horrible security risk. It's to easy to convince the interpreter on a setuid script to run your command instead of the commands in the script. <mike -- Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15054.60300.671173.605392>