
Re: setuid scripts



>> I have no particular objection to putting #! interpretation in, but
>> it would have to be "#!\bin\sh" rather than "#!/bin/sh".

>Eric, have you any idea how setuid scripts could be achieved, then?

How about a (setuid root) program that acts as a setuid server; i.e.
whenever exec detects a #! as the first two characters of a file,
it instead execs /bin/scripter (or whatever we want to call it) with
the script file name as the first argument and the other parameters
(if any) following it. /bin/scripter then checks the uid, gid, and
permission bits, does appropriate setuid() and setgid() calls, and
executes the interpreter (after performing any /->\ translations
that are necessary).

Obviously if the script is *not* setuid or setgid then exec can
bypass /bin/scripter and just do the script directly.
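
The decision step of the helper described above, as an added example that is not part of the original post: it reads the owner, group and permission bits from the opened script, refuses a set-id script that group or others can write, and returns the uid, gid and interpreter to use. The names `scripter_plan` and `struct plan` are hypothetical, POSIX calls are assumed, and no /->\ path translation is done.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result type: credentials and interpreter the helper would use. */
struct plan { uid_t uid; gid_t gid; char interp[128]; };

/* Decide how to run `path` for a caller with the given real uid/gid.
 * Returns 0 and fills *p, or -1 if the script must be refused. */
int scripter_plan(const char *path, uid_t caller_uid, gid_t caller_gid,
                  struct plan *p)
{
    struct stat st;
    char line[128], *s;
    ssize_t n;
    size_t len;
    int rc = -1;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return -1;
    /* fstat() the descriptor we also read from, so the permission bits and
     * the #! line come from the same file even if the name is re-pointed. */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode))
        goto out;
    /* A set-id script that group or others can rewrite is refused. */
    if ((st.st_mode & (S_ISUID | S_ISGID)) && (st.st_mode & (S_IWGRP | S_IWOTH)))
        goto out;
    n = read(fd, line, sizeof line - 1);
    if (n < 3 || line[0] != '#' || line[1] != '!')
        goto out;
    line[n] = '\0';
    s = line + 2 + strspn(line + 2, " \t");   /* skip blanks after "#!" */
    len = strcspn(s, " \t\r\n");               /* interpreter path only */
    /* Require an absolute path that ends inside the bytes we read. */
    if (len == 0 || s[0] != '/' || s[len] == '\0')
        goto out;
    memcpy(p->interp, s, len);
    p->interp[len] = '\0';
    /* Set-id bits select the file's owner/group; otherwise keep the caller's. */
    p->uid = (st.st_mode & S_ISUID) ? st.st_uid : caller_uid;
    p->gid = (st.st_mode & S_ISGID) ? st.st_gid : caller_gid;
    rc = 0;
out:
    close(fd);
    return rc;
}
```

A helper built on this would call setgid() before setuid(), since the group can no longer be changed once root has been given up, and then exec `p->interp`.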