[clue-tech] Using SUID to downgrade root's access
Angelo Bertolli
angelo at freeshell.org
Mon May 23 21:55:31 MDT 2005
Chris Tubutis wrote:
>>From http://www.samag.com/documents/s=1149/sam0106a/0106a.htm
>
>Even after all our work, it is nearly impossible to create safe SUID
>shell scripts. (It is impossible on most systems.) Because of these
>problems, some systems (e.g., Linux) won't honor SUID on shell scripts
>
>
Ah, well this will explain the shell script thing. I'll have to SUID
the executable. By the way, I am not setting SUID on a root-owned
file. I'm trying to set SUID to 'nobody' so even if root runs it, it
will be downgraded to 'nobody'
More information about the clue-tech
mailing list