[[Sig] Setuid -- am I doing it right?]
Tue, 15 May 2001 10:47:50 -0400
I wonder if I can recompile some of my old Turbo Pascal or Visual Basic
programs under Linux? ;-)
BTW, what am I missing -- why does allowing setuid on an executable
create less of a security risk than allowing setuid on a script, except
to the extent that maybe fewer people can write a c program or
understand and modify a binary? I guess that is the difference -- I
know that I can do anything in a c program that a script can do, whether
I can write something like `chown nobody` in c or have to set the file
parameters using something that looks more like "real" c code.
And, if there is no less of a security risk, isn't that a variety of
"security by obscurity" (as some critics of Microsoft and proponents of
open source software deprecate)? (I better not go there -- just an
observation -- not a question for you but more a rhetorical question for
the Microsoft critics. ;-)
Paul F.Ryan wrote:
> I fought this problem years back before discovering that Linux does not
> support SETUID/SETGID on scripts, only executables. It would e a BIG security
> hole if they allowed it...
> The solution? Write it in 'c', compile it, then use setuid/setgid.