Megalextoria
Retro computing and gaming, sci-fi books, tv and movies and other geeky stuff.

Home » Archive » Atari MiNT Mailing List » Re: seduid scripts
Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend 
Switch to threaded view of this topic Create a new topic Submit Reply
Re: seduid scripts [message #6948] Tue, 23 March 1993 01:59
Anonymous
Karma:
Originally posted by: steve@earth.ox.ac.uk

>How about a (setuid root) program that acts as a setuid server; i.e.
>whenever exec detects a #! as the first two characters of a file,
>it instead execs /bin/scripter (or whatever we want to call it) with
>the script file name as the first argument and the other parameters
>(if any) following it. /bin/scripter then checks the uid, gid, and
>permission bits, does appropriate setuid() and setgid() calls, and
>executes the interpreter (after performing any /->\ translations
>that are necessary).
>
>Obviously if the script is *not* setuid or setgid then exec can
>bypass /bin/scripter and just do the script directly.

This sounds an even more unholy mess than one incidence of / -> \ conversion
in the kernel! Anyway, it's just one more security hole, not that there
aren't one or two already! :-)

Steve

--
------------------------------------------------------------ ---------------
Computer Systems Administrator, Dept. of Earth Sciences, Oxford University.
E-Mail: steve@uk.ac.ox.earth (JANET) steve@earth.ox.ac.uk (Internet).
Tel:- Oxford (0865) 282110 (UK) or +44 865 282110 (International).

  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: Re: seduid scripts
Next Topic: Re: seduid scripts
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Thu Mar 28 06:58:13 EDT 2024

Total time taken to generate the page: 0.05299 seconds