[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Sudo from scripts

On 11/18/2008 11:25 AM, Gordon Messmer wrote:
Mikkel L. Ellertson wrote:
Patrick O'Callaghan wrote:
In any case, the owner of the script is only security-relevant in two
cases: 1) if it allows someone to edit the script who normally couldn't,
or 2) if the script is setuid. Of course it could also change who can
*execute* the script, but if it's not setuid they'll be doing it as
themselves, not as the owner.

Does setuid work on scrips? I know it did not in the past, but I
have not checked to see if that has changed.

No, it doesn't, and it never will. Making "root" a script's owner is not a "security issue".

I don't know if it ever did on Linux, but at one time you could have setuid and setgid on scripts. I've never investigated that since because it is a bad thing to do..

Jerry Feldman <gaf blu org>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB  CA3B 4607 4319 537C 5846

Attachment: signature.asc
Description: OpenPGP digital signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]