On 09/12/2011 09:56 AM, Anton Aylward wrote:
Michael S. Dunsavage said the following on 09/12/2011 09:26 AM:
On 09/12/2011 08:17 AM, Patrick Shanahan wrote:
* Peter Nikolic <p.nikolic1@btinternet.com> [09-12-11 03:15]:
Is that not heading into dangerous territory, having the ability to execute a script without the right permissions, i.e. getting too much like Windows, and one of the reasons why Windows is so wide open and Linux has so far been top of the class? This does not sound good.
You are not *thinking* about it. You are not actually *running* the script, you are running bash or sh which you do have permissions to execute and bash/sh is acting on the script instructions.
There is no security/permissions problem, it is acting as intended.
At least research the situation before making wild statements.
So, even if a script was owned by root and you could access the DIR it was in, you could still execute the script? However, if I run that as my unprivileged user, would it execute the script at root privileges?
There you go again. It is not being executed. It is being read and interpreted. At least that's what's happening with any
sh $FILE
if you can read it you can squirt it through the shell. See my earlier post and RTFM.
I.e., if there was a file called deleteroot that had rm -Rf /, and I had access to it as a regular user, but root owned deleteroot, if I
$ bash deleteroot
as my user, would it delete / ?
No, because it's the process that counts.
Look: you can, as a regular user, read all the files in /etc/init.d/. They are all owned by root. They are shell scripts. Some are not marked executable. Some contain commands that can be only executed as root.
For example /etc/init.d/nfs is readable
ls -l nfs
-rwxr--r-- 1 root root 9046 Jul 1 17:12 nfs
but has a line in it
mount -t rpc_pipefs rpc_pipefs /var/lib/nfs/rpc_pipefs
If you try executing that script in the way you've described you will get
mount: only root can do that
Can you make scripts setUID? Possibly, but that has nothing to do with the approach we are discussing here. You need to get your mind right and RTFM about the shell and what 'execute' rather than 'interpret' means and read up on not just the shell but RTFM on the 'execl(2)' family.
I get it now. Thanx for that information, pleasantly delivered.
--
Michael S. Dunsavage
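
The execute-versus-interpret distinction from the thread, as an added sketch that is not part of the original messages: a readable script with no execute bit cannot be executed directly, but sh can read it, and the commands run with the UID of the calling process. The function names and the temporary file name are assumptions made for the demo.

```shell
#!/bin/sh
# Added illustration; function names and the demo file are hypothetical.

make_demo() {
    # Create a readable script with no execute bits (mode 0644) that
    # reports the effective UID of whatever process interprets it.
    demo_dir=$(mktemp -d) || return 1
    demo_script="$demo_dir/whoruns"
    printf '%s\n' '#!/bin/sh' 'id -u' > "$demo_script"
    chmod 0644 "$demo_script"
}

try_exec() {
    # Ask the kernel to execute the file itself. Without an execute bit
    # this is refused; the shell reports that as exit status 126.
    rc=0
    "$demo_script" >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

try_interpret() {
    # Execute sh (which we are allowed to run) and hand it the file as
    # input. Only read permission on the script is needed, and every
    # command in it runs with the credentials of this process.
    sh "$demo_script"
}

cleanup_demo() {
    rm -rf "$demo_dir"
}

make_demo
echo "direct execution exit status: $(try_exec)"
echo "UID seen inside interpreted script: $(try_interpret)"
echo "UID of the calling user:            $(id -u)"
cleanup_demo
```

The two UIDs are always equal, which is why a root-owned script read this way gains nothing: a privileged command inside it fails exactly as it would if typed at the prompt.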