SUMMARY: suid and root text console

From: Sigismondo Boschi <net1701_at_iperbole.bologna.it>
Date: Mon, 09 Dec 1996 15:06:16 +0000

My original question:
>
> Hello managers.
>
> I have two unrelated question to submit to all of you.
>
> 1) how is it possible to allow the "suid" flag also for shell script
> between users, and not just for binaries?
>
> 2) how is it possible for root to get a text console if it happened to
> get "cut out" from the X environment?
> (it has happened that it was not possible to create an Xterm from root
> because of a mess, and then I had to use FTP to restore it from another
> alpha... telnet to root was also disabled)
>
> Thanks for any help.
> bye

Thanks for the answers to
Olle Eriksson <olle_at_cb.uu.se>
Paul Henderson <pgh_at_unx.dec.com>
sxkac_at_java.sois.alaska.edu (Kurt Carlson)
Gernot Salzer <salzer_at_logic.tuwien.ac.at>

It came out that:

1)
It is absolutely not a good idea to suid a script because, by hacking the
environment, it is possible for some commands of the script to be redirected
by the user to his own commands. Citing the answer of P. Henderson:

Take the following script:

#!/bin/csh
date
time
exit

If this script were setuid, a person could create a new version of
one of the invoked commands (like 'date') to do some destructive action.
If, for example, he created a 'date' program in his current directory,
depending on the PATH variable, the script might look there first
instead of using the /usr/bin/date command. And the 'date' command could
be anything (and it would run setuid!).

The right way is to write a C (or whatever) compiled program as I did.

The alternative way is to use "sudo", allowing users to execute
authorised superuser programs (and logging any invocation of them).

2)
Citing K. Carlson:

The x display manager is started by /sbin/rc3.d/S95xdm. Disable that
and it would presumably remain text. I'm not sure what you'd do to
cut it out on a running system without rebooting.
Also, many systems have both serial and console graphics ports.
We tend to hook the serial ports into console manager and use
'set console serial', the graphics head still works fine under init 3.

Furthermore, G. Salzer proposes to
"install simply a second account, "field", with the same
user and group id as "root", and even with the same password as root,
but only with a simple shell and setup, which I never touch.
So, no matter how badly root crashes, there is always the loop hole
through field.

root:xxx:0:1:system PRIVILEGED account:/root:/usr/local/bin/tcsh
field:xxx:0:1:Field Service PRIVILEGED account:/root:/bin/sh

Thanks to all.
-- 
                                        Sigismondo Boschi
net1701_at_comune.bologna.it
PhD student at the Physical Chemistry Department
                   Bologna University (Italy)
Received on Mon Dec 09 1996 - 15:28:02 NZDT
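
Added example (not part of the original message or of the replies it cites): a sketch of the environment-handling part of a compiled wrapper, showing why it avoids the PATH problem described for the setuid script. The name run_fixed and the fixed PATH value are assumptions made for this illustration; the command is always given by absolute path and the caller's environment is never passed on.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed, minimal environment (assumed values); nothing is inherited
 * from the invoking user, so a modified PATH or IFS has no effect. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };

/*
 * Run one program, named by absolute path, with CLEAN_ENV.
 * Returns the child's exit status, or -1 if the path is not absolute
 * or the child could not be started and waited for.
 */
int run_fixed(const char *path, char *const argv[])
{
    int status;
    pid_t pid;

    if (path == NULL || path[0] != '/')  /* refuse anything needing a PATH search */
        return -1;

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, CLEAN_ENV);   /* execve never searches PATH */
        _exit(127);                      /* only reached if execve failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* /usr/bin/date is the location named in the message above. */
    char *const args[] = { "date", NULL };
    return run_fixed("/usr/bin/date", args) == 0 ? 0 : 1;
}
```

A real setuid wrapper also has to deal with inherited file descriptors, signals and argument checking; only the PATH and environment aspect raised in the message is shown here.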
