Sudo from scripts
Jerry Feldman
gaf at blu.org
Sat Nov 22 13:06:01 UTC 2008
On 11/18/2008 11:25 AM, Gordon Messmer wrote:
> Mikkel L. Ellertson wrote:
>> Patrick O'Callaghan wrote:
>>> In any case, the owner of the script is only security-relevant in two
>>> cases: 1) if it allows someone to edit the script who normally
>>> couldn't,
>>> or 2) if the script is setuid. Of course it could also change who can
>>> *execute* the script, but if it's not setuid they'll be doing it as
>>> themselves, not as the owner.
>>>
>> Does setuid work on scrips? I know it did not in the past, but I
>> have not checked to see if that has changed.
>
> No, it doesn't, and it never will. Making "root" a script's owner is
> not a "security issue".
>
I don't know if it ever did on Linux, but at one time you could have
setuid and setgid on scripts. I've never investigated that since because
it is a bad thing to do..
--
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20081122/ab997d94/attachment-0001.bin
More information about the users
mailing list