| 1 |
Wade Brown wrote: |
| 2 |
|
| 3 |
>I thought linux wouldn't allow suid shell scripts to work as suid. |
| 4 |
>The reasoning is a shell script doesn't quite execute, it gets |
| 5 |
>interpeted by the command on the first line. Just as a test I made a |
| 6 |
>simple script modded root.root 4755 that consists of the /bin/bash |
| 7 |
>line, and cat /etc/shadow. Root can run just fine obviously, but |
| 8 |
>permissions don't exist for other users to do that. |
| 9 |
> |
| 10 |
> |
| 11 |
> |
| 12 |
|
| 13 |
Works fine on my machine. /opt/vmware/lib/vmware/bin/vmware-vmx is a |
| 14 |
setuid shell script that I wrote to startup vmware with the wrapper |
| 15 |
library to get vmware to work with arts. Also my permissions on that |
| 16 |
file are 4711, so maybe there is something special about the global read |
| 17 |
bit? Or possibly dependant upon what LSM modules you have loaded/enabled? |
| 18 |
|
| 19 |
>What may work a little better is either chmod s+x `which shutdown`, or |
| 20 |
>writing a C wrapper and modding that s+x. |
| 21 |
> |
| 22 |
> |
| 23 |
|
| 24 |
I agree that the C wrapper is definetly the most secure option. |
| 25 |
|
| 26 |
-Richard |
| 27 |
|
| 28 |
-- |
| 29 |
gentoo-user@g.o mailing list |
Archives