[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: opinion on shell cgi scripts

To: misc@openbsd.org
Subject: Re: opinion on shell cgi scripts
From: Armin Wolfermann <aw@osn.de>
Date: Mon, 1 Nov 2004 15:20:21 +0100
Content-Disposition: inline
Mail-Followup-To: misc@openbsd.org
References: <41801A79.90008@mitc.net> <20041030122143.GH508@wooledge.org> <418619D6.4080701@vanhegan.net> <fb4cc24204110103256fbb0556@mail.gmail.com> <20041101124844.3bff7c6c.johansz@free.fr> <82669ABA-2C0E-11D9-9275-000A95EED730@trumpetpower.com>
User-Agent: Mutt/1.5.6i

* Ben Goren <ben@trumpetpower.com> [01.11.2004 15:07]:
> >> You can't make scripts suid, only binaries.
> >
> > Really ?
> 
> Really.
> 
> $ id && cat suid-whoami && ls -l suid-whoami && ./suid-whoami
> uid=501(ben) gid=501(ben) groups=501(ben), 0(wheel), 5(operator), 
> 9(wsrc), 20(staff), 67(www), 20002(artsed)
> #!/bin/sh
> 
> id
> -rwsr-sr-x  1 nobody  nobody  14 Nov  1 06:55 suid-whoami*
> uid=501(ben) gid=501(ben) groups=501(ben), 0(wheel), 5(operator), 
> 9(wsrc), 20(staff), 67(www), 20002(artsed)

You shouldn't try this on a nosuid-mounted partition.

$ id
uid=4179(armin) gid=0(wheel) groups=0(wheel), 9(wsrc)
$ ls -l suid-whoami
-rwsr-sr-x  1 nobody  nobody  16 Nov  1 15:12 suid-whoami
$ cat suid-whoami
#!/bin/sh
id
$ ./suid-whoami
uid=4179(armin) euid=32767(nobody) gid=0(wheel) egid=32767(nobody) groups=0(wheel), 9(wsrc)

Regards,
Armin Wolfermann

References:
- Re: opinion on shell cgi scripts
  - From: Gaby Vanhegan <gaby@vanhegan.net>
- Re: opinion on shell cgi scripts
  - From: Wijnand Wiersma <wwiersma@gmail.com>
- Re: opinion on shell cgi scripts
  - From: Johan SANCHEZ <johansz@free.fr>
- Re: opinion on shell cgi scripts
  - From: Ben Goren <ben@trumpetpower.com>

Prev by Date: Re: pf, ftp-proxy, default deny, 421 Service not avaiable
Next by Date: 카드결제자금 과다현금 서비스→저금리 장기분할 y djlrttm
Prev by thread: Re: opinion on shell cgi scripts
Next by thread: Re: opinion on shell cgi scripts
Index(es):
- Date
- Thread