
PCMCIA works; Allowing suid scripts on laptops?



Jean Orloff:
 > For the suid bit: I vaguely remember this was somehow disabled in
 > Debian for security reasons (which do not really apply for a laptop
 > spending 99% of the time disconnected), but I don't remember how...

When you exec a shell script /usr/local/bin/foo which begins with the
line #!/bin/sh what actually gets executed is

/bin/sh /usr/local/bin/foo

Intuitively, this would be suid only if /bin/sh is suid (at which
point, you could reasonably expect that /bin/sh would be written to
interpret the permissions on /usr/local/bin/foo and take appropriate
action).

I don't know exactly how this is currently implemented in the linux
kernel, but I wouldn't be surprised if it did exactly this.

Note, also, that you can completely change the semantics of /bin/sh by
setting some environmental variables (such as IFS, and
LD_LIBRARY_PATH).  Thus, you probably don't want to have suid shell
scripts in the first place.  It's more secure to just put /bin/open in
/etc/inittab for some virtual terminal [at least this way, remote
users wouldn't get root access.]

-- 
Raul
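
Added example, not part of the original message: an audit that lists every set-uid or set-gid file whose first line is `#!`, together with the interpreter that line names, so such scripts can be reviewed or removed. The function names and the sample files (created in a temporary directory) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): find set-uid/set-gid "#!" scripts.

# shebang_interp FILE: print the interpreter named on FILE's "#!" line, if any.
shebang_interp() {
    # Only the first 256 bytes matter; drop NULs so binaries do not upset the tools.
    head -c 256 "$1" 2>/dev/null | tr -d '\000' |
        LC_ALL=C sed -n '1s/^#![[:space:]]*\([^[:space:]]\{1,\}\).*/\1/p'
}

# audit_suid_scripts DIR...: one line per hit, "PERMISSIONS INTERPRETER PATH".
audit_suid_scripts() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        interp=$(shebang_interp "$f")
        [ -n "$interp" ] || continue          # set-id but not a script: skip
        perms=$(ls -ld "$f" | cut -d' ' -f1)
        printf '%s %s %s\n' "$perms" "$interp" "$f"
    done
}

# make_sample_tree DIR: constructed sample files, all created under DIR.
make_sample_tree() {
    printf '#!/bin/sh\necho hello\n' > "$1/foo";         chmod 4755 "$1/foo"
    printf '#! /usr/bin/perl -w\nprint 1;\n' > "$1/bar"; chmod 4755 "$1/bar"
    printf '#!/bin/sh\necho plain\n' > "$1/plain";       chmod 0755 "$1/plain"
    printf '\177ELF not-a-script\n' > "$1/blob";         chmod 4755 "$1/blob"
}

# demo: build the sample tree in a temp dir, audit it, clean up.
demo() {
    d=$(mktemp -d) || return 1
    make_sample_tree "$d"
    audit_suid_scripts "$d" | sed "s|$d/||" | sort -k3
    rm -rf "$d"
}

demo
```

On a real system, call `audit_suid_scripts /usr/local/bin /usr/bin` (or any other directories) instead of `demo`.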

