From: utzoo!decvax!harpo!seismo!hao!cires!nbires!crp
Newsgroups: net.unix-wizards
Title: Re: More on SUID and exec
Article-I.D.: nbires.104
Posted: Sat Feb 12 21:01:14 1983
Received: Tue Feb 15 07:54:49 1983
References: mitccc.296

You can accomplish what you want to using an SUID process,
but you have to have an additional level of directory.
"Carrying" the user into the forbidden directory isn't enough
since the suid program abandons him to his own permissions before the exec.
The error you are getting from exec is telling you that permission
is denied for searching the current directory.
Try the following:
 drwx------          games  buffer
      drwx--x--x     games  buffer/gamesdir
         -rwx--x--x  games  buffer/gamesdir/forbidden_fruit

The suid program owned by games carries the user in past the buffer directory
(by chdir("/whatever/buffer/gamesdir"))
to a place which the unassisted user can search.
In particular, the user can execute programs in the current directory or
below in the hierarchy.  Note, however, that a pathname with ../
will not work, because the user can't walk upward out of gamesdir
(pwd, for example, won't work).
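
A minimal set-uid launcher for the layout described above, as an added example that is not part of the original post. The GAMESDIR path, the function name enter_then_drop, and the use of setregid/setreuid for the privilege drop are assumptions; the binary is assumed to be installed set-uid to games.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for setreuid/setregid */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed path: the post only gives "/whatever/buffer/gamesdir". */
#define GAMESDIR "/whatever/buffer/gamesdir"

/*
 * chdir() into dir while the effective uid (games) can still search the
 * 0700 buffer directory, then give up the set-id identity for good.
 * Returns 0 on success, -1 on any failure (the caller must not exec then).
 */
int enter_then_drop(const char *dir)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid();

    if (chdir(dir) != 0)
        return -1;
    /* Group first: once the uid is dropped we may no longer be allowed to. */
    if (setregid(rgid, rgid) != 0 || setreuid(ruid, ruid) != 0)
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* A non-root user must not be able to switch back to games. */
    if (ruid != 0 && old_euid != ruid && seteuid(old_euid) == 0)
        return -1;
    return 0;
}

int main(void)
{
    if (enter_then_drop(GAMESDIR) != 0) {
        perror("enter_then_drop");
        return 1;
    }
    /* Relative path: resolved from the cwd, so buffer is never searched. */
    execl("./forbidden_fruit", "forbidden_fruit", (char *)NULL);
    perror("exec forbidden_fruit");
    return 1;
}
```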