Bug 10259 - scripts are not run by their owners rights
scripts are not run by their owners rights
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: filesystem (Show other bugs)
6.1
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Bill Nottingham
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-03-20 06:02 EST by janne.mikkola
Modified: 2014-03-16 22:13 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-03-20 10:47:21 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description janne.mikkola 2000-03-20 06:02:41 EST
goal: script is owned by root and everybody can run it with root
permissions.

problem: eaven if i do 'chmod 4755 script.sh' script is run with user
permissions.

script sample:
#!/bin/sh
ls -l /dir/not/readable/by/user

when script is run by root it runs fine, when run as some user it fails.

-rwsr-xr-x   1 root     root           31 Mar 20 13:05 tt.sh
[root@spargate jmikkola]# cat tt.sh
#!/bin/sh
ls -l /home/skaisanl
[root@spargate jmikkola]#
[root@spargate jmikkola]# ./tt.sh
total 0

[root@spargate jmikkola]#

[jmikkola@spargate jmikkola]$ ./tt.sh
ls: /home/skaisanl: Permission denied
[jmikkola@spargate jmikkola]$

         janne mikkola
Comment 1 Bill Nottingham 2000-03-20 10:47:59 EST
You cannot run setuid shell scripts, period. It's a security risk.

Note You need to log in before you can comment on or make changes to this bug.