Re: opinion on shell cgi scripts

[Johan SANCHEZ <johansz@free.fr>]

On Mon, 1 Nov 2004 07:51:33 -0700
Ben Goren <ben@trumpetpower.com> wrote:

> On 2004 Nov 1, at 7:01 AM, Ben Goren wrote:
> 
> > On 2004 Nov 1, at 4:48 AM, Johan SANCHEZ wrote:
> >
> >>> You can't make scripts suid, only binaries.
> >>
> >> Really ?
> >
> > Really.
> 
> Camiel pointed out that I probably had said script running on a 
> partition mounted nosuid--which was correct. And, as the case should be 
> for any partition running CGI scripts...but that doesn't make my 
> statement (and Johan's) any less false.
> 
> For the record:
> 
> $ id && cat /suid-whoami && ls -l /suid-whoami && /suid-whoami
> uid=501(ben) gid=501(ben) groups=501(ben), 0(wheel), 5(operator), 
> 9(wsrc), 20(staff), 67(www), 20002(artsed)
> #!/bin/sh
> 
> id
> -rwsr-sr-x  1 root  wheel  14 Nov  1 07:44 /suid-whoami*
> uid=501(ben) euid=0(root) gid=501(ben) egid=0(wheel) groups=501(ben), 
> 0(wheel), 5(operator), 9(wsrc), 20(staff), 67(www), 20002(artsed)
> 
> Cheers,
> 
> b&

Sorry for the noise :))

$  id && cat /suid-whoami && ls -l /suid-whoami && /suid-whoami 
uid=1000(johan) gid=1000(johan) groups=1000(johan), 0(wheel)
#!/bin/sh

/usr/bin/id
-rwSr-Sr-x  1 root  wheel  23 Nov  1 16:37 /suid-whoami
sh: /suid-whoami: cannot execute - Permission denied

$ sudo cat /etc/fstab 
/dev/sd0a / ffs rw 1 1
/dev/sd0f /tmp ffs rw,nodev,nosuid 1 2
/dev/sd0d /usr ffs rw,nodev 1 2
/dev/sd0e /var ffs rw,nodev,nosuid 1 2

Cheers

> 
> [demime 0.98d removed an attachment of type application/pgp-signature which had a name of PGP.sig]
> 
> 


-- 

                             Chatou Informatic Services Center 

	                        http://wwwcisc.homeunix.net