[H-GEN] Script for Arson?
Greg Black
gjb at gbch.net
Thu Apr 24 06:02:23 EDT 2003
On 2003-04-24, Paul Gearon wrote:
> On Sat, 19 Apr 2003, Three Blokes wrote:
> > is there a shell script I can write to do this?, I tried using su but it
> > doesnt seem to allow you to login with a password from the script, I
> > realise it's a bad idea having the root password in a plain text file
> > but what other option do I have?
>
> You definately NEVER want this! It's a really bad idea! :-)
>
> In such a situation just create yourself a root-owned script with all the
> "write" permission bits turned off, and the setuid bit turned on. When
> the script is run the process will have root permissions.
I am on the side of those who suggested setting up sudo for this
(which should not be a surprise).
But I would strongly recommend to anybody who is tempted by the
idea of a setuid script that they type the following expression
at Google and read the articles it returns:
setuid shell scripts
This is a long-standing security nightmare on Unix systems and
has been handled in various ways over the years. But the wise
counsel is to avoid these things.
Greg
--
Greg Black <gjb at gbch.net> <http://www.gbch.net/gjb.html>
GPG signed mail preferred; further information in headers.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 249 bytes
Desc: not available
URL: <http://lists.humbug.org.au/pipermail/general/attachments/20030424/fbb2d2ec/attachment.sig>
More information about the General
mailing list