> > If so, you might as well start by allowing setuid shell scripts.
> > That was a massive security hole last I heard.
>
> I don't think you've quite got the idea of capabilities yet. If you
> did you wouldn't think that a shell script with capabilities is any
> worse or better than an ELF program with capabilities. In fact,
Yes, it is. Think about: (let ping be shell script)
# cp -a /bin/ping /tmp
user1$ ls -al /tmp/ping
rwsr-xr-x ping
user1$ creates evil script to echo "user1evil:0:" into /etc/passwd
user1$ /tmp/ping &
kernel now starts executing /bin/bash /tmp/ping
but
user1$ mv -f /tmp/evil_script /tmp/ping
/tmp/ping had suid, /tmp/evil_script does not have suid, but shell
being launched already _runs_ suid
user1$ su user1evil
user1evil#
DO you see my point? You need to pass open fd of program being
executed to interpretter if you want suid scripts to work. This
vulnerability does _not_ exist with elf files.
Pavel
-- The best software in life is free (not shareware)! Pavel GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/