[linux] sendmail: alias to program
Matus fantomas Uhlar
uhlar at fantomas.sk
Wednesday April 11 19:44:01 CEST 2001
-> > -> ??? Really? Where did you find that out? I don't doubt it, it's
-> > -> just surprising information to me...
->
-> see the Linux FAQ http://www.linuxdoc.org/FAQ/Linux-FAQ/x1955.html#AEN2068
->
-> > most shells, when executing a setuid script, change their UID back.
->
-> So you mean to say that it is the command interpreter itself that changes
-> the id back? And back from what? From id==0? I.e. it already has id==0,
-> i.e. it is running with the superuser's identity? Surely not :-) The kernel
-> does not take the suid bit into account for scripts. If most of them, then
-> which one allows it?
Well, I had my information from Solaris, where the shell calls setreuid() when
euid!=ruid, and skips that when it is started with the -p parameter.
As I see, on Linux the security of this was handled according to the FAQ above:
7.7. Setuid Scripts Don't Seem to Work.
That's right. This feature has been disabled in the Linux kernel on
purpose, because setuid scripts are almost always a security hole. Sudo
and SuidPerl can provide more security than setuid scripts or binaries,
especially if execute permissions are limited to a certain user ID or
group ID.
If you want to know why setuid scripts are a security hole, read the FAQ
for comp.unix.questions.
so this feature was disabled completely...
-> > it can be worked around
-> > #!/bin/sh -p
->
-> :-) You don't mean that seriously, do you? :-)
I do. Log in to any Solaris server and run man sh:
-p If the -p flag is present, the shell will not set the
effective user and group IDs to the real user and
group IDs.
root@[store /export/home/uhlar] # id
uid=0(root) gid=1(other)
root@[store /export/home/uhlar] # ls -l
total 2
-rwsr-xr-x 1 uhlar other 36 Apr 11 19:41 script
root@[store /export/home/uhlar] # cat script
#!/bin/sh -p
id
touch bla
ls -l bla
root@[store /export/home/uhlar] # ./script
uid=0(root) gid=1(other) euid=1006(uhlar)
-rw-r--r-- 1 uhlar other 0 Apr 11 19:41 bla
So as you can see, on Solaris it behaves as I described. On Linux it does not;
I had wrong info ;) In any case, I wasn't talking nonsense.
--
Matus "fantomas" Uhlar, sysadmin at NEXTRA, Slovakia; IRCNET admin of *.sk
uhlar at fantomas.sk ; http://www.fantomas.sk/ ; http://www.nextra.sk/
My mind is like a steel trap - rusty and illegal in 37 states.
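
Added example, not part of the original message: a small audit script for the situation shown above, listing set-uid/set-gid files that are interpreter scripts and marking those whose "#!" line passes -p. The function names and the output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original message): audit a tree for
# set-id interpreter scripts such as the "#!/bin/sh -p" file in the post.

# Print FILE's first line if it starts with "#!", otherwise print nothing.
shebang_of() {
    line=$(head -n 1 "$1" 2>/dev/null | tr -d '\0')
    case $line in
        '#!'*) printf '%s\n' "$line" ;;
    esac
}

# Classify FILE as:
#   script-p  "#!" line passes a standalone -p (shell keeps its effective IDs)
#   script    any other "#!" line
#   binary    no "#!" line
classify() {
    sb=$(shebang_of "$1")
    case $sb in
        '')                 echo binary ;;
        *' -p'|*' -p '*)    echo script-p ;;
        *)                  echo script ;;
    esac
}

# List set-uid/set-gid regular files under DIR that are scripts, one per
# line as "<kind><TAB><path>". Assumes no newlines in file names.
audit_setid_scripts() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        kind=$(classify "$f")
        [ "$kind" = binary ] || printf '%s\t%s\n' "$kind" "$f"
    done
}

# Usage: sh audit.sh /export/home   (script name and path are placeholders)
if [ "$#" -gt 0 ]; then
    audit_setid_scripts "$1"
fi
```

On a system whose kernel ignores the set-id bits on scripts, as the quoted Linux FAQ describes, the listed files are still worth cleaning up, since the bits take effect again if the tree is copied or exported to a system that honours them.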