[mythtv-users] Preemptive Kernel Patch
Nathan Poznick
poznick at conwaycorp.net
Tue Feb 18 20:26:06 UTC 2003
Thus spake Monty Walls:
> Sure you can, just might not be smart, plus may require some fiddling
> with the actual code. Since the only user is me, and it's
> not an externally exposed box (inside a firewalled, NATed network), it
> might be an acceptable risk...

Actually, many systems disable the ability to use a setuid shell script.

npozni at ripcord:~$ cat script
#!/bin/bash
ls -l /
sleep 30
npozni at ripcord:~$ ls -l script
-rwsr-xr-x 1 root root 30 Feb 18 14:09 script*

(user npozni runs ./script)

If the script was running setuid, it would show up as running as root in
the process listing...

npozni 18405 0.2 0.2 2060 960 pts/4 S 14:09 0:00 /bin/bash ./script
npozni 18407 0.0 0.1 1708 452 pts/4 S 14:09 0:00 sleep 30

One way to get around this is to write a very simple C wrapper program
which is setuid, and serves no purpose other than to exec the intended
shell script.

--
Nathan Poznick <poznick at conwaycorp.net>
To swallow and follow, whether old doctrine or new propaganda, is a
weakness still dominating the human mind. - Charlotte P. Gillman
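
The wrapper approach mentioned in the message above, as an added example that is not part of the original post: a setuid binary that runs one fixed script and nothing else. SCRIPT_PATH, clean_env and target_is_safe are hypothetical names, and the sketch assumes the script sits in a directory only root can write.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Assumed install location of the script; hypothetical, not from the post. */
#define SCRIPT_PATH "/usr/local/sbin/script"

/* Fixed environment: nothing set by the invoking user (PATH, BASH_ENV,
 * LD_PRELOAD, ...) reaches the privileged shell. */
static char *const clean_env[] = {
    "PATH=/usr/sbin:/usr/bin:/sbin:/bin",
    NULL
};

/* Returns 1 only for a regular file owned by root that group and others
 * cannot write; anyone able to edit the script would otherwise get root. */
int target_is_safe(const struct stat *st)
{
    if (!S_ISREG(st->st_mode)) return 0;
    if (st->st_uid != 0) return 0;
    if (st->st_mode & (S_IWGRP | S_IWOTH)) return 0;
    return 1;
}

int main(void)
{
    struct stat st;
    /* No caller-supplied arguments are forwarded to the script. */
    char *const argv[] = { "/bin/bash", SCRIPT_PATH, NULL };

    if (stat(SCRIPT_PATH, &st) != 0 || !target_is_safe(&st)) {
        fprintf(stderr, "refusing to run %s\n", SCRIPT_PATH);
        return 1;
    }
    /* bash resets its effective ids to the real ids when they differ,
     * so make the real ids match before exec; group first, then user. */
    if (setgid(getegid()) != 0 || setuid(geteuid()) != 0) {
        perror("setuid");
        return 1;
    }
    execve("/bin/bash", argv, clean_env);
    perror("execve"); /* reached only if exec failed */
    return 1;
}
```

The compiled wrapper, not the script, carries the setuid bit and root ownership; the script itself stays a plain root-owned file.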