Bug 10259 - scripts are not run by their owners rights
Summary: scripts are not run by their owners rights
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: filesystem
Version: 6.1
Hardware: i386
OS: Linux
medium
high
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-03-20 11:02 UTC by janne.mikkola
Modified: 2014-03-17 02:13 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2000-03-20 15:47:21 UTC
Embargoed:

Attachments (Terms of Use)

Description janne.mikkola 2000-03-20 11:02:41 UTC 
goal: script is owned by root and everybody can run it with root
permissions.

problem: eaven if i do 'chmod 4755 script.sh' script is run with user
permissions.

script sample:
#!/bin/sh
ls -l /dir/not/readable/by/user

when script is run by root it runs fine, when run as some user it fails.

-rwsr-xr-x   1 root     root           31 Mar 20 13:05 tt.sh
[root@spargate jmikkola]# cat tt.sh
#!/bin/sh
ls -l /home/skaisanl
[root@spargate jmikkola]#
[root@spargate jmikkola]# ./tt.sh
total 0

[root@spargate jmikkola]#

[jmikkola@spargate jmikkola]$ ./tt.sh
ls: /home/skaisanl: Permission denied
[jmikkola@spargate jmikkola]$

         janne mikkola
Comment 1 Bill Nottingham 2000-03-20 15:47:59 UTC 
You cannot run setuid shell scripts, period. It's a security risk.
Note You need to log in before you can comment on or make changes to this bug.