Hard Links between UNIX Utility Programs

Leslie Mikesell les at chinet.chi.il.us
Thu Jul 28 05:04:32 AEST 1988


In article <185 at chip.UUCP> mparker at chip.UUCP (M. D. Parker) writes:
>Programs no longer have HARD LINKs and can be protected individually.
>Complication here, if a user creates a SYMBOLIC LINK to the program as:
>
>	ln -s /usr/lib/sendmail mailq
>
>and then executes the program 'mailq', the effect is identical to running
>/usr/ucb/mailq prior to my making the copy.

But most programs have command line switches that override the program
name, and it is easy enough to pass a fake argv[0] to a program anyway.
To control things to the extent that you want, you either have to write
all the programs yourself or make the programs executable only by a
certain user or group ID.  Then you can write a front-end program that
is set[ug]id that knows who is allowed to execute which programs with
which arguments.  Several such programs have been posted to the net to
allow some users access to root without knowing the root password, but 
they should work as well (and be safer) with some other special ID set
up for that purpose.

  Les Mikesell
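
The front end described in the post above, as an added example that is not part of the original post or of any program posted to the net. The policy table, the UIDs and the `authorize` name are hypothetical; the two paths are the ones mentioned in the thread. The target's path and argv[0] come from the table, never from the name the caller used.

```c
/* Added example: policy core of a set[ug]id front end (hypothetical names). */
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

struct rule {
    uid_t uid;               /* real UID allowed to use this entry */
    const char *name;        /* command name the user asks for */
    const char *path;        /* absolute path the front end will exec */
    const char *const *args; /* NULL-terminated list of permitted arguments */
};

static const char *const mailq_args[] = { "-v", NULL };
static const char *const no_args[] = { NULL };

/* Constructed sample policy; the UIDs are placeholders. */
static const struct rule policy[] = {
    { 1001, "mailq",    "/usr/ucb/mailq",    mailq_args },
    { 1002, "sendmail", "/usr/lib/sendmail", no_args },
};

/* Return the absolute path to exec, or NULL if the request is denied. */
const char *authorize(uid_t ruid, const char *cmd, int argc, char *const argv[])
{
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        const struct rule *r = &policy[i];
        if (r->uid != ruid || strcmp(r->name, cmd) != 0) continue;
        for (int a = 0; a < argc; a++) {      /* every argument must be listed */
            int ok = 0;
            for (const char *const *p = r->args; *p; p++)
                if (strcmp(*p, argv[a]) == 0) ok = 1;
            if (!ok) return NULL;
        }
        return r->path;
    }
    return NULL;                              /* default deny */
}

int main(int argc, char *argv[])
{
    static char *const envp[] = { "PATH=/bin:/usr/bin", NULL };
    if (argc < 2) return 2;
    const char *path = authorize(getuid(), argv[1], argc - 2, argv + 2);
    if (!path) return 1;
    argv[1] = (char *)path;  /* target's argv[0] is set by policy, not the caller */
    execve(path, argv + 1, envp);
    return 127;              /* exec failed */
}
```

The decision uses the real UID from `getuid()`, since the effective ID is the special one the front end runs under.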


