Nothing stupid about them...

...I just stole the name from David Letterman's "stupid pet tricks". I hope these tips help you avoid or fix mistakes along the way in your *nix administration duties.

Thursday, August 7, 2008

I want to setuid root on my shell script.

No, you don't. Trust me, you really really don't want to do this. It's a security hole a mile wide.

Now having said that, some shells do have options that allow the observance of the setuid bit. Most shells do not have that option.

But if you absolutely must run something setuid root, I would much rather you wrap the commands of your shell script in a small C program, using the system() call for instance, compile it, and then set the setuid bit on that compiled binary.


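#include <stdlib.h>   /* system() is declared here, not in stdio.h */

int main(void)
{
    /* Hands the command to /bin/sh and returns its exit status. */
    return system("/run/whatever/here");
}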


Save this file with a .c extension, then compile this with gcc:

gcc myprog.c
mv a.out mynewexe

...then setuid on the compiled executable, mynewexe. If you must. Be careful. By the way, you ever heard of sudo?
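
An added example, not part of the original post: system() hands the command to /bin/sh together with whatever environment the caller set up, so a wrapper that is going to carry the setuid bit is better off running its target directly with fork() and execve() and a fixed environment. The names run_clean and CLEAN_ENV and the PATH value are choices made for this example; the target path is the post's placeholder.

```c
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Fixed, minimal environment: nothing is inherited from the caller. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", NULL };

/*
 * Run `path` with `argv` directly via execve(): there is no shell in
 * between, and the caller's environment variables never reach the target.
 * Returns the child's exit status, 127 if the exec failed, -1 on any
 * other error (including a path that is not absolute).
 */
int run_clean(const char *path, char *const argv[])
{
    pid_t pid;
    int status;

    if (path == NULL || path[0] != '/')    /* absolute paths only */
        return -1;

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, CLEAN_ENV);
        _exit(127);                        /* reached only if execve failed */
    }
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)                /* retry only when interrupted */
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Placeholder path from the post; argv is fixed, never user-supplied. */
    char *const argv[] = { "here", NULL };
    return run_clean("/run/whatever/here", argv);
}
```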
