[mythtv-users] Preemptive Kernel Patch

Nathan Poznick poznick at conwaycorp.net
Tue Feb 18 20:26:06 UTC 2003


Thus spake Monty Walls:
> Sure you can, just might not be smart, plus may require some fiddling 
> with the actual code.  Since the only user is me, and it's
> not an externally exposed box (inside a firewalled, NATed network), it
> might be an acceptable risk...

Actually, many systems disable the ability to use a setuid shell script.

npozni@ripcord:~$ cat script
#!/bin/bash
ls -l /
sleep 30

npozni@ripcord:~$ ls -l script
-rwsr-xr-x    1 root     root           30 Feb 18 14:09 script*

(user npozni runs ./script)

If the script was running setuid, it would show up as running as root in
the process listing...

npozni   18405  0.2  0.2  2060  960 pts/4    S    14:09   0:00 /bin/bash ./script
npozni   18407  0.0  0.1  1708  452 pts/4    S    14:09   0:00 sleep 30


One way to get around this is to write a very simple C wrapper program
which is setuid, and serves no purpose other than to exec the intended
shell script.


-- 
Nathan Poznick <poznick at conwaycorp.net>

To swallow and follow, whether old doctrine or new propaganda, is a
weakness still dominating the human mind. - Charlotte P. Gillman
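
The wrapper approach from the message above, sketched as an added example that is not part of the original post. The script path and the `script_is_trusted` helper are assumptions made for illustration. The wrapper runs one fixed script, forwards no arguments or environment from the caller, and refuses to run a script that someone other than root could have modified.

```c
/* Added example: setuid-root wrapper that runs exactly one fixed script. */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumption: placeholder path. Keep the script in a root-owned directory
 * that no other user can write to, so it cannot be swapped after the check. */
#define SCRIPT_PATH "/usr/local/sbin/example-task.sh"

/* Return 1 only if path is a regular file owned by `owner` that neither
 * group nor others can write to; 0 in every other case. */
int script_is_trusted(const char *path, uid_t owner)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return 0;
    if (!S_ISREG(st.st_mode))
        return 0;
    if (st.st_uid != owner)
        return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

int main(void)
{
    /* Fixed environment: nothing the caller set (PATH, IFS, BASH_ENV, LD_*) survives. */
    char *const envp[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    /* Fixed argument vector: caller-supplied arguments are not forwarded. */
    char *const argv[] = { "/bin/bash", SCRIPT_PATH, NULL };

    if (!script_is_trusted(SCRIPT_PATH, 0)) {
        fprintf(stderr, "refusing to run %s: bad owner or mode\n", SCRIPT_PATH);
        return 1;
    }
    /* bash resets its effective uid to the real uid when the two differ,
     * so make the real uid match the root effective uid before exec. */
    if (setuid(geteuid()) != 0) {
        perror("setuid");
        return 1;
    }
    execve("/bin/bash", argv, envp);
    perror("execve"); /* reached only if the exec failed */
    return 1;
}
```

The compiled binary, not the script, is what gets `chown root` and `chmod 4755`; the script itself stays at mode 0755 or stricter.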
