Sudo from scripts
Jerry Feldman
gaf at blu.org
Sat Nov 22 13:06:01 UTC 2008
On 11/18/2008 11:25 AM, Gordon Messmer wrote:
> Mikkel L. Ellertson wrote:
>> Patrick O'Callaghan wrote:
>>> In any case, the owner of the script is only security-relevant in two
>>> cases: 1) if it allows someone to edit the script who normally
>>> couldn't,
>>> or 2) if the script is setuid. Of course it could also change who can
>>> *execute* the script, but if it's not setuid they'll be doing it as
>>> themselves, not as the owner.
>>>
>> Does setuid work on scrips? I know it did not in the past, but I
>> have not checked to see if that has changed.
>
> No, it doesn't, and it never will. Making "root" a script's owner is
> not a "security issue".
>
I don't know if it ever did on Linux, but at one time you could have
setuid and setgid on scripts. I've never investigated that since because
it is a bad thing to do..
--
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20081122/ab997d94/attachment-0001.sig>
More information about the fedora-list
mailing list