[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: opinion on shell cgi scripts

On Mon, Nov 01, 2004 at 04:41:37PM +0100, Johan SANCHEZ wrote:
| Sorry for the noise :))
| 
| $  id && cat /suid-whoami && ls -l /suid-whoami && /suid-whoami 
| uid=1000(johan) gid=1000(johan) groups=1000(johan), 0(wheel)
| #!/bin/sh
| 
| /usr/bin/id
| -rwSr-Sr-x  1 root  wheel  23 Nov  1 16:37 /suid-whoami
| sh: /suid-whoami: cannot execute - Permission denied

Try making the script executable : `chmod a+x /suid-whoami`.

But it's still obvious that suid scripts are, in fact, suid. To make
this even more obvious, run id with the -p option.

The 'euid	root' line should be the tell-tale sign that suid does
work on scripts.

Paul 'WEiRD' de Weerd

-- 
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
                 http://www.weirdnet.nl/