Hard Links between UNIX Utility Programs
Eric Schnoebelen
egs at killer.DALLAS.TX.US
Fri Aug 5 01:25:05 AEST 1988
In article <153 at ispi.UUCP> jbayer at ispi.UUCP (id for use with uunet/usenet)
writes:
>
>Another workable solution is to do the following steps:
>
> 1. Move the programs you want to restrict to a directory
> readable only by the super user.
> 2. Create a shell script for each type of call for each program
> 3. Make the shell script executable by everyone.
> 4. Make the owner of the shell script the super user
> 5. Set the user bit for the shell script (chmod u+s name)
Over in comp.unix.wizards they are having a nice little
discussion about setuid shell scripts, and several people have shown how
they are a larger security hole than the programs being discussed here.
(see comp.unix.wizards for examples)
A better choice for this solution might be to write small 'wrapper'
programs, and set the suid bit on them.
>Now no matter how someone calls the shell script the program will still
>be called using the correct name.
>
>Jonathan Bayer
>Intelligent Software Products, inc.
>19 Virginia Ave.
>Rockville Centre, NY 11570
>uunet!ispi!jbayer
Eric Schnoebelen
John W. Bridges & Associates, Inc.
Lewisville, Tx. 75067
u-word!egs at killer.dallas.tx.us
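
The 'wrapper' program suggested in the reply above could look like the following. This is an added example, not code from either poster; RESTRICTED_PATH, CALL_NAME and build_argv are hypothetical names chosen for illustration. It runs the restricted program under one fixed name, whatever name or link the caller used, and with a fixed environment instead of the caller's.

```c
#include <stdio.h>
#include <unistd.h>

/* Assumed placeholders: the program moved into the root-only directory,
 * and the single name it is allowed to be called by. */
#define RESTRICTED_PATH "/usr/local/restricted/prog"
#define CALL_NAME       "prog"
#define MAX_ARGS        64

/* Fixed environment handed to the target; nothing is inherited. */
static char *const clean_env[] = { "PATH=/bin:/usr/bin", NULL };

/*
 * Build the argument vector for the target. The caller's argv[0] is
 * discarded and replaced by CALL_NAME, so the name a hard link or the
 * invoking user supplied never reaches the restricted program.
 * Returns the number of entries written (not counting the terminating
 * NULL), or -1 if they do not fit in 'cap' slots.
 */
int build_argv(int argc, char **argv, char **out, int cap)
{
    int n_args = argc > 1 ? argc - 1 : 0;   /* caller's real arguments */
    int i, n = 0;

    if (n_args + 2 > cap)                   /* name + args + NULL */
        return -1;
    out[n++] = (char *)CALL_NAME;
    for (i = 1; i <= n_args; i++)
        out[n++] = argv[i];
    out[n] = NULL;
    return n;
}

int main(int argc, char **argv)
{
    char *args[MAX_ARGS];

    if (build_argv(argc, argv, args, MAX_ARGS) < 0) {
        fprintf(stderr, "wrapper: too many arguments\n");
        return 1;
    }
    /* Absolute path, no shell and no PATH search in between. */
    execve(RESTRICTED_PATH, args, clean_env);
    perror("wrapper: execve");              /* reached only on failure */
    return 127;
}
```

Installed owned by the super user with the suid bit set, one such binary is built per permitted name, in place of the shell script from steps 2 to 5.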