SUID and Shell scripts
Guy Harris
guy at auspex.auspex.com
Fri May 19 03:57:45 AEST 1989
> The suggested use of a shell script needs some clarification,
>using the suid bit on a shell script has no effect on the effective id
>of the person executing the shell.
Well, it depends on what flavor of UNIX you have. *If* you have one that
supports "#!" in the "exec" calls, and *if* your script begins with a
"#!" line, then setting the suid bit on a shell script *does* cause the
effective ID(s) of the process running the script to be set to those of
the owner/group of the script - assuming the system you're running
doesn't disable set-UID shell scripts in "exec", as was done by Berkeley
at one point to deal with some rather nasty security holes that set-UID
shell scripts open up.
Maarten Litmath has written a program to let you run shell scripts
set-UID which he claims doesn't have any such security holes. I assume
he's right; however, you still have to be careful when writing set-UID
shell scripts, just as you have to be careful when writing *any* set-UID
program.
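
An added example, not part of the original post: one way to inventory the files the message is about, regular files that carry the set-UID or set-GID bit and begin with "#!", so each can be reviewed. The function names and the 256-byte read size are assumptions of this sketch.

```python
import os
import stat
import sys

def shebang_interpreter(head: bytes):
    """Return the interpreter named on a '#!' first line, or None if there is no '#!'."""
    if not head.startswith(b"#!"):
        return None
    parts = head[2:].split(b"\n", 1)[0].split()
    return parts[0].decode("utf-8", "replace") if parts else ""

def classify(mode: int, head: bytes):
    """Return (bits, interpreter) for a set-ID '#!' script, else None."""
    if not stat.S_ISREG(mode):
        return None
    bits = [name for flag, name in ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"))
            if mode & flag]
    interp = shebang_interpreter(head)
    if not bits or interp is None:
        return None
    return ("+".join(bits), interp)

def scan(root: str):
    """Walk root and list (path, uid, gid, bits, interpreter) for set-ID scripts."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
                if not stat.S_ISREG(st.st_mode):
                    continue
                if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                    continue
                with open(path, "rb") as fh:
                    head = fh.read(256)  # assumed large enough for the '#!' line
            except OSError:
                continue  # unreadable files are skipped; run with enough privilege
            hit = classify(st.st_mode, head)
            if hit:
                findings.append((path, st.st_uid, st.st_gid) + hit)
    return findings

if __name__ == "__main__":
    for path, uid, gid, bits, interp in scan(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(f"{bits}\tuid={uid} gid={gid}\t{interp}\t{path}")
```

Whether the bit on a listed script actually takes effect depends on the system's "exec", as the message says; the list is a review queue, not proof of exposure.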