gabriel rosenkoetter on Sat, 2 Jun 2001 16:00:05 -0400



Re: [PLUG] permissions and setuid


On Sat, Jun 02, 2001 at 03:01:28PM -0400, timo wrote:
> I want this script to be the only means of getting the box online.

You don't. Any sane Unix-like OS ignores the setuid bit on scripts,
and it should. If you're actually running a kernel that allows this,
stop.

Some people claim that Perl has robust enough internal support to
allow its scripts to be setuid (you have to specify that you want
this support installed at build time), but I don't buy it.

It is woefully simple to write a C wrapper program to do this, which
is only valuable if you do it correctly, and that's the best thing
to do.

Make sure that you read setuid(2) and setreuid(2) VERY carefully,
and maybe look at some example setuid programs (ssh, if installed
suid, has code to handle this condition).

> I've looked at the cryptic man page.  None of my books really
> address other this aside from a description.

Well, like I said, if the man page doesn't help you, go check out
some examples.

I'm about to run out the door, otherwise I'd send some sample code.
Maybe later.

       ~ g r @ eclipsed.net


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug
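
The kind of C wrapper the message recommends could look like the following. This is an added example, not code from the original post or its author. The script path `/usr/local/sbin/go-online`, the use of `/bin/sh` as interpreter, and the helper names `file_is_trusted` and `commit_euid` are assumptions made for illustration. The wrapper is meant to be installed root-owned with the setuid bit set.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define SCRIPT "/usr/local/sbin/go-online"   /* hypothetical path (assumption) */

/* Fixed environment: nothing is inherited from the caller (PATH, IFS, LD_*, ENV). */
static char *const clean_env[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };

/* Returns 1 only if path is a regular file (lstat: a symlink is rejected) that is
 * owned by `owner` and not writable by group or other. The directories leading
 * to it must be protected the same way; that is not checked here. */
int file_is_trusted(const char *path, uid_t owner)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;
    return st.st_uid == owner && (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Set the real uid to the effective uid and verify it. Some shells (bash, for
 * one) drop the effective uid when it differs from the real uid, so the ids
 * must match before the exec. Returns 0 on success, -1 on failure. */
int commit_euid(void)
{
    uid_t e = geteuid();
    if (setreuid(e, e) != 0)
        return -1;
    return (getuid() == e && geteuid() == e) ? 0 : -1;
}

int main(void)
{
    /* The caller's argv is ignored: interpreter and script are both fixed. */
    char *const args[] = { "/bin/sh", SCRIPT, NULL };

    if (geteuid() != 0 || !file_is_trusted(SCRIPT, 0)) {
        fputs("refusing: not setuid root, or " SCRIPT " is not trusted\n", stderr);
        return EXIT_FAILURE;
    }
    if (commit_euid() != 0) {          /* never continue if the id change failed */
        perror("setreuid");
        return EXIT_FAILURE;
    }
    umask(022);
    execve("/bin/sh", args, clean_env);
    perror("execve");                  /* only reached if the exec failed */
    return 127;
}
```

The group ids and supplementary groups stay those of the caller here; a wrapper that also needs a specific group has to set it before changing the uid.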