SUMMARY: Why doesn't setuid work?

From: Tim Cantin <tim_at_dorothy.wellesley.edu>
Date: Mon, 16 Dec 1996 09:41:41 -0500

Thanks to all who answered!

The general answer:

> For security reasons the setuid-flag is disabled on shell scripts.

The detailed answer:

> From aad_at_nwnet.net Fri Dec 13 14:49:41 1996
>
> Many people consider setuid scripts to be a gaping security hole. Some
> OS's acknowledge this by explicitly refusing to execute them.
[Digital Unix is one of them. -T]
> Your
> options are to use suidperl (check out the perl docs; I've never done it
> myself, and there have been CERT advisories about some versions) or find
> another way, e.g. writing it in C instead, or having a C wrapper that
> exec's the script by name.
>
> One of the security holes is that someone can run the script with a PATH
> set so that, say, ls is a script of their own device that chmod's a copy
> of sh to be setuid, giving them unlimited root access. It happens.
> This is why . should never be in root's path, and why scripts should use
> absolute pathnames (e.g., /bin/ls) whenever possible.

My original question:

> Dumb question time. I checked the man pages, hard-copy manuals, and the
> searchable alpha-osf-managers archives at Stanford, but I did not find
> an answer.
>
> How come this doesn't work on Digital Unix 3.2 or 4.0:
>
> % cat tim.pl
> #!/usr/local/bin/perl
> print "ruid=$<\neuid=$>\n";
> % ./tim.pl
> ruid=434
> euid=434
> % ls -l tim.pl
> -rwsr-xr-x 1 root users 51 Dec 13 14:14 tim.pl
> %
>
> ...but when I run it on Solaris 2.5.1 it does this:
>
> % ./tim.pl
> ruid=434
> euid=0
> %
>
> Did I miss something here?

---
Tim Cantin, System and Network Manager, <tcantin_at_wellesley.edu>
203 Simpson East/IST, Wellesley College, Wellesley, MA 02181-8201
http://www.wellesley.edu/~tim/
Received on Mon Dec 16 1996 - 16:11:18 NZDT
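
Added example, not part of the original post or its replies: one way to write the "C wrapper that exec's the script by name" mentioned above, with the PATH and absolute-pathname advice applied. The install path /usr/local/sbin/tim.pl and the helper names are assumptions made for illustration; the wrapper binary, not the script, would carry the setuid bit.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* declares lstat() under strict -std= modes */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical install location: absolute, in a directory only root can write. */
#define SCRIPT_PATH "/usr/local/sbin/tim.pl"

/* The only environment the script sees; nothing is inherited from the caller. */
static char *const clean_env[] = { "PATH=/bin:/usr/bin", "IFS= \t\n", NULL };

/* 1 if the path is absolute, so no PATH search or cwd-relative lookup happens. */
int path_is_absolute(const char *p)
{
    return p != NULL && p[0] == '/';
}

/* 1 if st is a regular file owned by `owner` that group and others cannot write. */
int script_is_trustworthy(const struct stat *st, uid_t owner)
{
    if (!S_ISREG(st->st_mode)) return 0;            /* rejects symlinks via lstat */
    if (st->st_uid != owner) return 0;
    if (st->st_mode & (S_IWGRP | S_IWOTH)) return 0;
    return 1;
}

int main(void)
{
    struct stat st;
    char *const args[] = { SCRIPT_PATH, NULL };

    if (!path_is_absolute(SCRIPT_PATH) || lstat(SCRIPT_PATH, &st) != 0 ||
        !script_is_trustworthy(&st, 0)) {
        fprintf(stderr, "refusing to run %s\n", SCRIPT_PATH);
        return 1;
    }
    /* The caller's argv and environment are deliberately not passed through. */
    execve(SCRIPT_PATH, args, clean_env);
    perror("execve");                               /* reached only on failure */
    return 1;
}
```
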