gabriel rosenkoetter on Fri, 2 Nov 2001 15:30:20 +0100
On Fri, Nov 02, 2001 at 07:31:21AM -0400, Arthur S. Alexion wrote:
> Could someone on this list please help? Jim has helped me considerably
> on the other list.

Sure.

From: Jim Garrison <jimg@legalcs.com>
> Shouldn't execute privileges be enough to run the script? Why does it
> require read privileges? What do I do to secure it so that it is
> executable by the "users" group while only being readable by root?

Nope. Your shell needs to be able to read the shell script char-wise in order to find out what shell it should execute the script with. (That's what #!... does.)

Simply put, it's not possible to do what you're trying to do with a shell script. You either need sudo with *extremely* limited privileges (just run that one program) or to write a known-safe suid wrapper (written in C or another compiled language) for this binary.

No matter what, you're still running a huge risk here. If you don't trust these users, then they ought not be able to trigger something's execution with root privileges, especially not if it's a program you haven't audited, because it may be possible to provoke it into giving them full root access.

(It is generally accepted that sudo access to any non-trivial program--non-trivial starts with ls, even if that program is not designed to write to files--cat, or fork--any daemon or control mechanism for a daemon, is no kind of restriction of the set of sudoers with access to that program from a real root shell. sudo should be treated as a convenience, not a security measure. It's an *in*security measure.)

--
~ g r @ eclipsed.net