Path: utzoo!attcan!uunet!ingr!b11!nik
From: nik@b11.ingr.com (Nik Simpson)
Newsgroups: comp.unix.questions
Subject: SUID and Shell scripts
Keywords: SUID Shell Won't Work
Message-ID: <5073@b11.ingr.com>
Date: 16 May 89 08:21:54 GMT
Organization: Intergraph Corp. Huntsville, AL
Lines: 47

From article 277 in alt.sources
>>Bryan R. Davies, AT&T Bell Labs
>>IH 55314 4H-332 x3669 att!ihlpy!bdavies
>>
>>Finally, create a shell script (or binary) in your bin directory that
>>others must execute prior to accessing your files. You can add logging
>>information into a file somewhere, do menu driven stuff, or whatever.
>>The trick is to do a chmod 2755 on the script. This sets the 'setgid'
>>bit on the file so that the other users who execute this command have
>>your effective group ID, and can access files as per the group settings
>>that you have set up.
>>

This discussion originated in alt.sources; however, comp.unix.questions
seems a more appropriate forum to continue it.

The suggested use of a shell script needs some clarification: using the
suid bit on a shell script has no effect on the effective id of the person
executing the shell. Try writing the following script:

    echo "current id is `id`"

With the following protections it still shows the id of the person running
the script as being unchanged:

    -rwsrwsr-x   1 root     stm           26 May 16 08:42 test.sh

For more information on this subject, may I recommend:

    UNIX System Security
    Pat Wood & Stephen Kochan
    Hayden UNIX Books
    ISBN: 0-8104-6267-2

This devotes some very good coverage to the subject and includes source for
a C program to overcome SUID problems with shells.

--
Nik Simpson
Senior Systems Engineer
System Technology Marketing Group
Intergraph UK Ltd.
ph +44-793-619999x333 (voice)
ph +44-793-618508 (fax)
UUCP : uunet!ingr!nik

Disclaimer: The author denies any responsibility for anything you disagree
with; he was on holiday at the time !!
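Added example, not part of the original post or of the book it cites: a small C program that performs the same check as the `id` test above in two ways, by parsing a line of id(1) output (which prints euid= and egid= only when they differ from the real ids) and by asking the kernel directly with getuid/geteuid/getgid/getegid. The function names and the sample id lines in the test are my own; whether set-id bits on a script are honoured at all depends on the kernel, so running it from a mode-2755 script versus a compiled binary shows which case applies on a given system.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

struct cred { long uid, euid, gid, egid; }; /* real and effective ids */

/* Locate "key=<number>" where key starts the line or follows a space, so
 * "uid=" never matches inside "euid=". Returns 1 on success. */
static int find_num(const char *s, const char *key, long *out)
{
    size_t klen = strlen(key);
    for (const char *p = strstr(s, key); p; p = strstr(p + klen, key)) {
        if ((p == s || p[-1] == ' ') && isdigit((unsigned char)p[klen])) {
            *out = strtol(p + klen, NULL, 10);
            return 1;
        }
    }
    return 0;
}

/* Parse one line of id(1) output. id prints euid= and egid= only when they
 * differ from the real ids, so they default to uid/gid. 0 on bad input. */
int parse_id_output(const char *line, struct cred *c)
{
    if (!find_num(line, "uid=", &c->uid) || !find_num(line, "gid=", &c->gid))
        return 0;
    if (!find_num(line, "euid=", &c->euid)) c->euid = c->uid;
    if (!find_num(line, "egid=", &c->egid)) c->egid = c->gid;
    return 1;
}

/* 1 if the set-id bits took effect: effective ids differ from real ones. */
int ids_elevated(const struct cred *c)
{
    return c->uid != c->euid || c->gid != c->egid;
}

/* The same check asked of the kernel directly, without parsing id output. */
int running_elevated(void)
{
    struct cred c = { getuid(), geteuid(), getgid(), getegid() };
    return ids_elevated(&c);
}

int main(void)
{
    printf("set-id bits %s in effect\n", running_elevated() ? "are" : "are NOT");
    return 0;
}
```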