Bash scripting question
Matthew Carpenter
matt
Mon May 17 11:47:53 PDT 2004
On Tue, 27 May 2003 22:46:25 -0700
David Aikema <listmail at rotundus.com> wrote:
> I suppose that a lot of the stuff that you might need to resort to
> various programs like awk for in a script, in a compiled program you
> would be calling instead various library functions. Upon building of
> the application you link it with the library eliminating some of the
> security risk and the need for calling everything by the full pathname
> in your code.
>
> That said, if you're careful about it, I don't see a big problem with
> using scripts if you're extremely careful about it, as you should be
> with anything of this nature.
>
> The issue that I've run into is my script needs to in turn execute
> another script, which I'm not supposed to be changing, to complete the
> task. IIRC the script in question was written in tcsh and takes the
> same action that I witnessed in bash when an attempt is made to run it
> SUID.
>
> David Aikema
I don't see that many security risks, if the script wasn't a script. The
script, by definition, uses a binary interpreter. As far as the OS is
concerned, that interpreter (the first line of the script has #!/bin/bash or
#!/usr/bin/perl etc....) would have to be SUID, not the script itself. It
would be nice if SUID would work on scripts, but the mechanisms to do so
would be more difficult than the value. If you want something SUID, you must
use C or some other non-interpreted/VM'ed language.
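
The approach described in this thread, as an added example that is not part of the original posts: a small compiled wrapper carries the SUID bit and then runs one fixed script with a fixed environment. The path in `TARGET` and the names `target_is_trustworthy` and `clean_env` are hypothetical.

```c
/* Added example: SUID wrapper around one fixed script (not code from the thread). */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* declares setreuid/setregid under strict -std= modes */
#endif
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical path; the wrapper never takes the target from the caller. */
#define TARGET "/usr/local/libexec/task.sh"

/* Fixed environment: nothing is inherited from the invoking user, so
 * PATH, LD_*, ENV or BASH_ENV settings never reach the interpreter. */
static char *const clean_env[] = {
    "PATH=/usr/bin:/bin", "HOME=/", NULL
};

/* Accept the target only if it is a regular file owned by root and not
 * writable by group or others. Its parent directories need the same care. */
int target_is_trustworthy(const struct stat *st)
{
    if (!S_ISREG(st->st_mode)) return 0;
    if (st->st_uid != 0) return 0;
    if (st->st_mode & (S_IWGRP | S_IWOTH)) return 0;
    return 1;
}

int main(void)
{
    struct stat st;
    if (stat(TARGET, &st) != 0 || !target_is_trustworthy(&st)) {
        fprintf(stderr, "refusing to run %s\n", TARGET);
        return 1;
    }
    /* bash resets the effective UID to the real UID at startup unless given
     * -p, so make real and effective IDs equal before handing over. */
    if (setregid(getegid(), getegid()) != 0 || setreuid(geteuid(), geteuid()) != 0) {
        perror("setregid/setreuid");
        return 1;
    }
    char *const args[] = { TARGET, NULL };
    execve(TARGET, args, clean_env);   /* kernel reads the #! line and starts the interpreter */
    perror("execve");
    return 1;
}
```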