PCMCIA works; Allowing suid scripts on laptops?
Jean Orloff:
> For the suid bit: I vaguely remember this was somehow disabled in
> Debian for security reasons (which do not really apply for a laptop
> spending 99% of the time disconnected), but I don't remember how...
When you exec a shell script /usr/local/bin/foo which begins with the
line #!/bin/sh what actually gets executed is
/bin/sh /usr/local/bin/foo
Intuitively, this would be suid only if /bin/sh is suid (at which
point, you could reasonably expect that /bin/sh would be written to
interpret the permissions on /usr/local/bin/foo and take appropriate
action).
I don't know exactly how this is currently implemented in the Linux
kernel, but I wouldn't be surprised if it did exactly this.
Note, also, that you can completely change the semantics of /bin/sh by
setting some environmental variables (such as IFS, and
LD_LIBRARY_PATH). Thus, you probably don't want to have suid shell
scripts in the first place. It's more secure to just put /bin/open in
/etc/inittab for some virtual terminal [at least this way, remote
users wouldn't get root access.]
--
Raul
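
An added example, not part of the original thread: a way to audit a directory tree for the set-uid "#!" scripts discussed above, printing each one's mode and the interpreter line the kernel would use. The function name find_suid_scripts is my own, and the options assume GNU find and GNU stat.

```shell
#!/bin/sh
# Added example: list set-uid/set-gid files under a directory that are
# "#!" scripts, with the interpreter taken from their first line.
# Assumes GNU find (-perm /MODE) and GNU stat (-c); file names that
# contain newlines are not handled.

# find_suid_scripts DIR
# Prints one line per hit: "MODE PATH INTERPRETER [ARG]"
find_suid_scripts() {
    dir=$1
    # -perm /6000 matches files with the set-uid or the set-gid bit set.
    # -xdev keeps the walk on one filesystem.
    find "$dir" -xdev -type f -perm /6000 2>/dev/null |
    while IFS= read -r f; do
        # The first two bytes decide whether exec treats it as a script.
        magic=$(head -c 2 "$f" 2>/dev/null)
        [ "$magic" = '#!' ] || continue
        # The rest of line 1 names the interpreter and its optional argument.
        interp=$(head -n 1 "$f" | cut -c3- | sed 's/^[[:space:]]*//')
        mode=$(stat -c '%a' "$f")
        printf '%s %s %s\n' "$mode" "$f" "$interp"
    done
}

# Run against a directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    find_suid_scripts "$1"
fi
```

Run it as "sh audit.sh /usr/local/bin" (the script file name is arbitrary); no output means no set-uid or set-gid scripts were found under that directory.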