Path: utzoo!attcan!uunet!tut.cis.ohio-state.edu!att!pacbell.com!mips!sgi!shinobu!odin!mitch
From: mitch@sgi.com (Thomas Mitchell)
Newsgroups: comp.sys.sgi
Subject: Re: 3.3.1 questions & complaints
Message-ID: <1990Oct22.233456.4861@odin.corp.sgi.com>
Date: 22 Oct 90 23:34:56 GMT
References: <1990Sep26.174852.1344@ux1.cso.uiuc.edu> <1990Sep27.192121.18059@odin.corp.sgi.com>
Sender: news@odin.corp.sgi.com (Net News)
Organization: Silicon Graphics Computer Systems, Mountain View CA. 94039
Lines: 44

In article <1990Sep27.192121.18059@odin.corp.sgi.com> jweldon@sgi.com (Jack P. Weldon) writes:
* In article <1990Sep26.174852.1344@ux1.cso.uiuc.edu> wsherman@newton.ncsa.uiuc.edu (William Sherman -Visualization) writes:
* >I'll ask the question before I lose my audience. With the new method
*
* > [X startup question deleted--sorry]
*
* >Okay, my first complaint is about something I'm sure SGI considers
* >a "feature." I have some shell scripts ^SUID
*
* In 3.3, there is a flag to allow suid shell scripts which is shipped
* "off" for security reasons. Edit /usr/sysgen/master.d/kernel and change
* the line "int nosuidshells = 1;" to 0. Then run /etc/init.d/autoconfig
* and reboot (or use lboot if you wish--both build a kernel). Needless to
* say you must be root to do this...And YES, it *is* a feature, not a bug.

Better to write a 'c' program and make it SUID. It can (should)
be very simple. Just issue a "system()" call to do exactly what
you wish no more no less.

Do read the book

    "UNIX System Security"
    by Patrick H. Wood and Stephen G. Kochan
    Hayden Book Company
    ISBN 0-8104-6267-2

The program can have an access list, keep track of who what when,
what is mounted etc.

Of course if you are the only user and not on a network turn the
bit off in the kernel as above.

Shell scripts are much shorter than 'c' programs. Compare:

    #!/bin/sh
    echo '\0220'1.y$1'\0234'

With the size of a 'c' program to set the title bar of a 'wsh'
window.

--
-- Thomas P. Mitchell -- mitch@sgi.com or mitch%relay.csd@sgi.com
"All things in moderation; including moderation."
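
Added example (not part of the original post, and not SGI code): a sketch of the small SUID C wrapper with an access list and logging that the reply describes. It swaps system() for execve() with a fixed path and a fixed environment, because system() runs the command through /bin/sh with the caller's environment; the target path, the UID list and the "suidwrap" log tag are hypothetical.

```c
#include <string.h>
#include <syslog.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical values for illustration only. */
static const char *TARGET = "/usr/local/sbin/site-task"; /* fixed absolute path to a binary */
static const uid_t ALLOWED[] = { 1001, 1002 };           /* constructed access list */
#define SAFE_CHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-"

/* Access list check: 1 if uid is listed, else 0. */
int uid_allowed(uid_t uid, const uid_t *list, size_t n) {
    size_t i;
    for (i = 0; i < n; i++)
        if (list[i] == uid) return 1;
    return 0;
}

/* Accept one short argument made only of SAFE_CHARS and not starting
 * with '-', so it cannot be read as an option or carry metacharacters. */
int arg_is_safe(const char *s) {
    size_t len = strlen(s);
    if (len == 0 || len > 64 || s[0] == '-') return 0;
    return strspn(s, SAFE_CHARS) == len;
}

int main(int argc, char **argv) {
    uid_t caller = getuid();  /* real UID = the invoking user */
    char *clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    char *args[3];

    openlog("suidwrap", LOG_PID, LOG_AUTH);
    if (!uid_allowed(caller, ALLOWED, sizeof ALLOWED / sizeof ALLOWED[0])) {
        syslog(LOG_WARNING, "denied: uid=%ld", (long)caller);
        return 1;
    }
    if (argc != 2 || !arg_is_safe(argv[1])) {
        syslog(LOG_WARNING, "rejected argument: uid=%ld", (long)caller);
        return 2;
    }
    /* Record who ran what before handing over control. */
    syslog(LOG_NOTICE, "uid=%ld runs %s %s", (long)caller, TARGET, argv[1]);
    args[0] = (char *)TARGET; args[1] = argv[1]; args[2] = NULL;
    execve(TARGET, args, clean_env);  /* no shell, no inherited environment */
    syslog(LOG_ERR, "execve %s failed", TARGET);
    return 127;
}
```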