[896] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] joy

daemon@ATHENA.MIT.EDU (Gregory Massel)
Fri Jul 12 11:33:39 1996

Date: Thu, 11 Jul 1996 01:48:05 +0200 (GMT+0200)
From: Gregory Massel <greg@csurf.co.za>
To: Uri Blumenthal <uri@watson.ibm.com>
cc: Jordy <jordy@thirdwave.net>, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <9607101736.AA20976@hawpub.watson.ibm.com>

On Wed, 10 Jul 1996, Uri Blumenthal wrote:
 
> > never run a shell script from a setuid program
> 
> Oh, there still are those who do? What's their IP addresses? (:-)

Forgive me if I'm wrong here, but aren't there cases where this is
needed? An example is the /etc/ppp/ip-up script that is run by pppd.
Such a script must be run setuid root so that you can use it to add
routes etc.

Regards
Greg
-------------- Gregory Massel --------------
CyberSurf Technologies cc
E-Mail: greg@csurf.co.za
Tel: +27 31 207-3034     Fax: +27 31 29-4709
            After hours, Tel: +27 31 81-4273
--------------------------------------------

home help back first fref pref prev next nref lref last post