Matthew Seaman wrote:
> > It would do no good for the kernel to hand the interpreter an
> > open descriptor if the interpreter did not somehow know to read
> > the script from that open descriptor instead of opening the
> > script file by name.
>
> Errr -- no. That's what fdescfs(5) is for. Wh
per...@pluto.rain.com wrote:
RW wrote:
On Sat, 29 Aug 2009 00:06:29 -0700
per...@pluto.rain.com wrote:
Actually, absent some careful cooperation between the
kernel and the interpreter to prevent a race condition ...
isn't that the same issue that Matthew Seaman was saying
was fixed years ago
RW wrote:
> On Sat, 29 Aug 2009 00:06:29 -0700
> per...@pluto.rain.com wrote:
> > Actually, absent some careful cooperation between the
> > kernel and the interpreter to prevent a race condition ...
>
> isn't that the same issue that Matthew Seaman was saying
> was fixed years ago ... and is descr
Perhaps a better idea than a setuid shell script, would be to figure out
just what it is about your script that really needs to be executed as root.
When write a C program that can do just that one thing - and absolutely
nothing else.
If it takes any kind of input, or command line parameters,
RW wrote:
On Sat, 29 Aug 2009 00:06:29 -0700
per...@pluto.rain.com wrote:
Michael David Crawford wrote:
It's not that setuid shell scripts are really more
inherently insecure than programs written in C.
Actually, absent some careful cooperation between the kernel
and the interpreter to preve
On Fri, Aug 28, 2009 at 08:10:59PM -0600, Tim Judd wrote:
> On 8/28/09, RW wrote:
> > On Fri, 28 Aug 2009 11:54:19 +0300
> > Giorgos Keramidas wrote:
> >
> >> On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo
> >> wrote:
> >
> >> > As far as i know, using SUID, script must runs with root
> >>
On Sat, 29 Aug 2009 00:06:29 -0700
per...@pluto.rain.com wrote:
> Michael David Crawford wrote:
> > It's not that setuid shell scripts are really more
> > inherently insecure than programs written in C.
>
> Actually, absent some careful cooperation between the kernel
> and the interpreter to pre
On Sat, 29 Aug 2009 00:17:24 -0700, Michael David Crawford
wrote:
> I came across a page that explained all the different ways setuid
> scripts could screw up - one would have to be a rocket scientist to
> avoid all the potential pitfalls.
Hi Michael,
It would be a very useful addition to the l
per...@pluto.rain.com wrote:
> Actually, absent some careful cooperation between the kernel
> and the interpreter to prevent a race condition that can cause
> the interpreter to run (with elevated permissions) a completely
> different script than the one that was marked setuid, setuid
> scripts _a
Michael David Crawford wrote:
> It's not that setuid shell scripts are really more
> inherently insecure than programs written in C.
Actually, absent some careful cooperation between the kernel
and the interpreter to prevent a race condition that can cause
the interpreter to run (with elevated pe
RW wrote:
So are scripts actually incapable of running setuid?
They aren't on Linux. I learned about that a while back when I
investigated setuid scripts for a coworker.
It's not that setuid shell scripts are really more inherently insecure
than programs written in C. The problem is more
On Sat, 29 Aug 2009 02:24:31 +0100, RW wrote:
>On Fri, 28 Aug 2009 11:54:19 +0300 Giorgos Keramidas
> wrote:
>>On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo
>> wrote:
>>> As far as i know, using SUID, script must runs with root
>>> permissions... so i shoudnt get "Permission denied", what i
On Fri, 28 Aug 2009 20:10:59 -0600, Tim Judd wrote:
> Dunno, but this dawns on me..
>
> what defines a script? I've always defined a script that starts with
> a #! shebang.
>
> So the script can be SUID, but the interpreter/shell isn't. Is that
> why it doesn't work?
What is the difference of
On 8/28/09, RW wrote:
> On Fri, 28 Aug 2009 11:54:19 +0300
> Giorgos Keramidas wrote:
>
>> On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo
>> wrote:
>
>> > As far as i know, using SUID, script must runs with root
>> > permissions... so i shoudnt get "Permission denied", what im doing
>> > wro
On Fri, 28 Aug 2009 11:54:19 +0300
Giorgos Keramidas wrote:
> On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo
> wrote:
> > As far as i know, using SUID, script must runs with root
> > permissions... so i shoudnt get "Permission denied", what im doing
> > wrong??
>
> No it must not. There a
On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo
wrote:
> content of script:
> ]#!/usr/local/bin/bash
^
This ] doesn't belong to the script, does it?
Furthermore, why do you employ bash for calling another program?
It's standard to use sh (#!/bin/sh) if you don't use bash-specific
commands a
On Fri, Aug 28, 2009 at 10:01:54AM +0100, Jeronimo Calvo wrote:
> 2009/8/28 Giorgos Keramidas
>
> On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo
> wrote:
> > >
> > > Im trying to set up a reaaallly basic scrip to allow one user to
> > > shutdown my machine without root permisions, seting up
On Friday 28 August 2009 10:54:19 Giorgos Keramidas wrote:
> On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo
wrote:
> > Hi folks!
> >
> > Im trying to set up a reaaallly basic scrip to allow one user to shutdown
> > my machine without root permisions, seting up SUID as follows:
>
[snip]
>
> Th
Aham!
so SUID can be applied to sh but it doesn't work!, there is not anyway to
apply it? apart from installing sudo?, The thing is that installing sudo and
adding that user into sudoers, that user will be capable to do any other SU
tasks, apart of shutting down... wich i dont like :D (I know that
On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo
wrote:
> Hi folks!
>
> Im trying to set up a reaaallly basic scrip to allow one user to shutdown my
> machine without root permisions, seting up SUID as follows:
>
>
> -rwsrwxr-- 1 root wheel 38 Aug 27 23:12 apagar.sh
>
> $ ./apagar.sh
>
> Permis
20 matches
Mail list logo
