[199] in bugtraq
Re: Setuid programs run from shell scripts?
daemon@ATHENA.MIT.EDU (Quentin Fennessy)
Tue Nov 15 17:48:14 1994
Date: Tue, 15 Nov 1994 13:42:54 -0600
From: Quentin Fennessy <Quentin.Fennessy@SEMATECH.Org>
In-Reply-To: Your message of "Tue, 15 Nov 1994 10:30:14 EST."
<199411151530.KAA24831@nasirc.hq.nasa.gov>
To: Fred Blonder <fred@nasirc.hq.nasa.gov>
Cc: Michael Neuman <mcn@c3serve.c3.lanl.gov>, bugtraq@fc.net,
Quentin.Fennessy@SEMATECH.Org
> text deleted...
> (Not to get into the set-UID shell-script argument again. ;-)
> Clearly, the set-UID bit on one or the other must take precedence.
> Someone, somewhere decided that it would be the set-UID bit on the
> script. This was maybe the wrong decision, but it's the one we're
> stuck with, for the moment at least.
> -----
Fred-
A shell script runs under the uid of the account executing it.
I don't think there is any way for a script or any other subprocess
to know whether it is being executed by any given account or by
an account using a setuid program. So the script suid has to take
preference. Unless you ignore suid on scripts altogether.
Quentin
