[196] in bugtraq

home help back first fref pref prev next nref lref last post

Setuid programs run from shell scripts?

daemon@ATHENA.MIT.EDU (Michael Neuman)
Mon Nov 14 17:17:17 1994

From: Michael Neuman <mcn@c3serve.c3.lanl.gov>
To: bugtraq@fc.net
Date: Mon, 14 Nov 1994 11:12:32 -0700 (MST)

This is a nice security feature, but is it a bug?

$ cat suid.c
#include <stdio.h>
main() { printf("euid==%d ruid==%d\n",geteuid(), getuid()); }
$ ls -l suid
-rwsr-xr-x  1 root        24576 Nov  8 13:27 suid*
$ suid
euid==0 ruid==100
$ cat testscript2
#!/path_to_suid/suid
foo
$ testscript2
euid==100 ruid==100
------

Shouldn't suid run as root under the "script"?
 
(This is on SunOS 4.1.3_U1B)
-Mike

home help back first fref pref prev next nref lref last post