Path: utzoo!attcan!uunet!mcsun!hp4nl!svin02!rcpieter
From: rcpieter@svin02.info.win.tue.nl (Tiggr)
Newsgroups: comp.unix.questions
Subject: Re: How secure are shell scripts?
Message-ID: <1446@svin02.info.win.tue.nl>
Date: 27 Sep 90 18:04:15 GMT
References: <1511@sirius.ucs.adelaide.edu.au>
Organization: Eindhoven University of Technology, The Netherlands
Lines: 13

mferrare@adelphi.ua.oz.au (Mark Ferraretto) writes:

|I want to write a program that all of our users will be accessing and the 
|program may be suid to root so that certain users may write to a writeprotected
|directory.  At the moment the program is a shell script and I want to know if
|this is less secure than writing C code.  Either way the program would have
|the protection as 755 though there is no need for the users to read it.

755 isn't setuid.  Nothing wrong with a non-setuid shell script.  A setuid shell
script owned by root (world executable) enables ANY user to have a root shell
by typing two commands.

Tiggr