2009-12-10, 22:16(-08), haomiao:
> Thanks for all!Yes, and to clarify the security hole, if you have a setuid ksh
> I finally have knowledges that
script (for instance /opt/x/bin/foo starting with #! /bin/ksh
-)), one can make another script by the same name and put it in
$PATH (like echo sh > ~/bin/foo; chmod +x ~/bin/foo), then
Then the system will change that to:
execl("/bin/ksh", "ksh" (or "foo" depending on the system), "-",
With the process euid being the owner of /opt/x/bin/foo
But ksh will interpret ~/bin/foo instead of /opt/x/bin/foo
(*) Some systems will change it instead to
Note that not all systems support setuid scripts, and on some,
In any case, a setuid shell script especially a ksh one is most
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.