How secure are shell scripts?

Tiggr rcpieter at svin02.info.win.tue.nl
Fri Sep 28 04:04:15 AEST 1990


mferrare at adelphi.ua.oz.au (Mark Ferraretto) writes:

|I want to write a program that all of our users will be accessing and the 
|program may be suid to root so that certain users may write to a writeprotected
|directory.  At the moment the program is a shell script and I want to know if
|this is less secure than writing C code.  Either way the program would have
|the protection as 755 though there is no need for the users to read it.

755 isn't setuid.  Nothing wrong with a non-setuid shell script.  A setuid shell
script owned by root (world executable) enables ANY user to have a root shell
by typing two commands.

Tiggr



More information about the Comp.unix.questions mailing list