LinuxQuestions.org
Old 09-01-2008, 09:37 AM   #16
tungvs
Member
 
Registered: May 2008
Distribution: Centos; Ubuntu; Fedora
Posts: 98

Original Poster
Rep: Reputation: 15

This is the result of getfacl in Ubuntu:
Quote:
# file: uidpp
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
The result in RHEL is the same.
So, it's still a mystery. Anyway, thanks for spending your time on my trouble.

Last edited by tungvs; 09-01-2008 at 09:39 AM.
 
Old 09-01-2008, 06:35 PM   #17
normscherer
Member
 
Registered: Sep 2005
Location: Prescott, AZ
Distribution: Ubuntu Mint LTS 14 and 16
Posts: 44

Rep: Reputation: 15
Quote:
Originally Posted by Mr. C. View Post
This makes no sense.

The problem is that the linux kernel prohibits setuid/setgid shell scripts. Write a program using a language such as C or C++.

Setuid/setgid shell scripts have been a source of security problems, and have been strongly discouraged for years.

See:
http://www.tuxation.com/setuid-on-shell-scripts.html
http://www.samag.com/documents/s=114...106a/0106a.htm
You need to think again about what a shell is. To the kernel it is just another program. Your second paragraph contradicts your first. As you note setuid scripts are bad but the kernel does not prohibit them. A reasonable security policy might prohibit them.
 
Old 09-01-2008, 07:36 PM   #18
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 61
Quote:
Originally Posted by normscherer View Post
You need to think again about what a shell is. To the kernel it is just another program. Your second paragraph contradicts your first. As you note setuid scripts are bad but the kernel does not prohibit them. A reasonable security policy might prohibit them.
No, there is no contradiction. I said "shell script", not shell. I understand clearly that the shell is "just another program" (I wrote one years ago). But a shell script is not "just another program".

The kernel traditionally treats a script differently than a binary executable. The kernel reads the file like any file, but must examine the first few "magic" bytes to determine the object format or locate the interpreter line. For scripts with an interpreter line, the kernel opens the given interpreter and does special plumbing to pass the script to the invoked interpreter.

Executable binaries and shell scripts are different.

See man execve(2)
Quote:
Notes
SUID and SGID processes can not be ptrace()d.

Linux ignores the SUID and SGID bits on scripts.

Last edited by Mr. C.; 09-01-2008 at 08:07 PM.
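An audit check that follows from the execve(2) note quoted in the post above, as an added example that is not part of the original thread: it reports files whose SUID/SGID bit is set but which start with an interpreter line, so the bit has no effect on Linux. The names `classify`, `audit_path` and the `verdict` values are hypothetical, and the ELF magic comparison is an assumption about which binary format is in use.

```c
/* Added example: is the set-ID bit on a file honoured by Linux execve()? */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum verdict { NO_SETID, SETID_ELF, SETID_SCRIPT, SETID_OTHER, AUDIT_ERROR };

/* Decide from the mode bits and the first "magic" bytes of the file. */
enum verdict classify(mode_t mode, const unsigned char *head, size_t n)
{
    if (!(mode & (S_ISUID | S_ISGID)))
        return NO_SETID;
    if (n >= 2 && head[0] == '#' && head[1] == '!')
        return SETID_SCRIPT;        /* interpreter line: bit is ignored */
    if (n >= 4 && memcmp(head, "\177ELF", 4) == 0)
        return SETID_ELF;           /* native binary: bit takes effect */
    return SETID_OTHER;             /* set-ID bit on an unrecognised format */
}

/* Read mode and magic bytes from the same open descriptor, so both
 * describe one file. Intended for regular files (find -type f). */
enum verdict audit_path(const char *path)
{
    unsigned char head[4];
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return AUDIT_ERROR;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return AUDIT_ERROR;
    }
    ssize_t n = read(fd, head, sizeof head);
    close(fd);
    return n < 0 ? AUDIT_ERROR : classify(st.st_mode, head, (size_t)n);
}

int main(int argc, char **argv)
{
    static const char *label[] = { "no set-ID bit", "set-ID ELF binary (honoured)",
        "set-ID script (bit ignored by Linux)", "set-ID, unknown format",
        "cannot audit" };
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], label[audit_path(argv[i])]);
    return 0;
}
```

A "set-ID script" result marks a file where someone expected privilege that the kernel never grants, which is usually worth clearing with chmod and replacing with a small compiled wrapper as the thread recommends.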
 
  

