[svlug] Giving admin. power to a web mgmt. interface

Marc MERLIN marc_news at valinux.com
Tue Nov 13 16:41:02 PST 2001


On Tue, Nov 13, 2001 at 01:03:23PM -0800, Aaron T Porter wrote:
> 
> 	I'm not all that comfortable suggesting this... but:
> 
> #include <unistd.h> int main (void) 
> { 
>   execl ("/bin/bash", "bash", "/usr/bin/script.sh", NULL); 
>   return 1;
> }

There are many race conditions and  problems with running shell scripts SUID
(fun IFS stuff and so forth)

It will  work, but it's  unsecure (there is a  reason why linux  ignores the
suid bit on shell scripts :-D)

That said, most of those problems may not be relevant in your specific case.

Marc
-- 
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
  
Home page: http://marc.merlins.org/   |   Finger marc_f at merlins.org for PGP key




More information about the svlug mailing list