> then try using a wrapper program.
>
> #include <stdlib.h>
> #include <unistd.h>
>
> int main(void)
> {
>     setuid(0);
>     system( "YOUR SCRIPT HERE" );
>     return 0;
> }
>
> * SCRIPT name FULL-PATH only! for security.
> and use this wrapper.
>
I wouldn't normally reply this back to the list but NEVER NEVER use this
example program as is. The system command feeds its string through the shell.
Thus if you have a program called "secure"
    system("/usr/local/bin/my_command");
a user can do
    IFS="/ "
    export IFS
    secure
and it will feed /usr/local/bin/my_command to the shell. IFS says what
things are separators between words and the shell will effectively run
    usr local bin my_command
running a program "usr" provided by the user on the machine as root.
Users may also set resource limits and cause the setuid program to break
(a long time ago things like ulimit 0; passwd blanked the passwd file).
If you want to do this right, use something like sudo that is basically
safe or read the security list stuff on writing secure setuid application
things. That generally means it needs to remove resource limits, clean
the environment variables, set the signal handlers up nicely then use
execle/execve to safely run the binary. I would recommend the latter path.
Alan
Received on Fri Aug 30 1996 - 14:00:34 NZST