Quick followup notes:
jed@megalink.net pointed out a portion of the sh man page
that clarifies the permission dropping behaviour:

    The Bourne shell has a limitation on the effective UID for a
    process. If this UID is less than 100 (and not equal to the
    process' real UID), then the UID is reset to the process'
    real UID.

Ascott sent a handy C wrapper for allowing only certain UIDs
to run a command:
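
    /* Program To Give User Oracle Privilege To Change Date */
    /* Alan Scott May 1997 */
    /* Uses users unique numeric id to allow specified users only. */
    #include <stdio.h>
    #include <unistd.h>

    int main(int argc, char *argv[], char *envp[])
    {
        switch (getuid()) {
        case 13:  /* user1 */
        case 255: /* user2 */
        case 349: /* user3 */
        case 378: /* user4 */
        case 381: /* user5 */
        case 226: /* user6 */
            /* Switch to UID 200; stop if that fails rather than
               running the script under the wrong identity. */
            if (setuid(200) != 0) {
                perror("setuid");
                return 1;
            }
            /* argv and the caller's environment are passed through unchanged. */
            execve("/usr/local/bin/changedate.prl", argv, envp);
            perror("execve"); /* only reached if execve failed */
            return 1;
        default:
            printf(" \n *** Error: You Are Not Privileged To Run This Programme ***\n\n");
        } /* end switch */
        return 0;
    } /* end main */
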
Steve Franks pointed out a good trick for preventing shell
escapes:

    ksh (SHELL=/dev/null; myprog)

Many thanks to all, again.
-j
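
Added example, not part of the original post and not Alan Scott's code: a variant of the UID-checking wrapper that builds the environment for the script itself instead of passing the caller's envp through, and pins SHELL=/dev/null as in Steve Franks' tip. The passthrough list (TERM, TZ, LANG), the fixed PATH value and the helper names are assumptions chosen for illustration; the UIDs, target UID and script path are the ones from the post.

```c
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* UIDs permitted by the wrapper in the post. */
static const uid_t allowed_uids[] = { 13, 255, 349, 378, 381, 226 };
/* Assumed allowlist: caller variables that are copied; all others are dropped. */
static const char *const passthrough[] = { "TERM=", "TZ=", "LANG=" };
/* Entries set by the wrapper itself; the caller's PATH and SHELL are never used. */
static char *const fixed_env[] = { "PATH=/usr/bin:/bin", "SHELL=/dev/null" };

int uid_allowed(uid_t uid)
{
    size_t i;
    for (i = 0; i < sizeof allowed_uids / sizeof allowed_uids[0]; i++)
        if (allowed_uids[i] == uid)
            return 1;
    return 0;
}

/* Fill out[] (cap slots, including the NULL terminator) with the fixed
   entries plus allowlisted caller variables. Returns the entry count,
   or -1 if out[] is too small. */
int build_clean_env(char *const envp[], char *out[], size_t cap)
{
    size_t n = 0, i, j;
    for (i = 0; i < sizeof fixed_env / sizeof fixed_env[0]; i++) {
        if (n + 1 >= cap) return -1;
        out[n++] = fixed_env[i];
    }
    for (i = 0; envp != NULL && envp[i] != NULL; i++)
        for (j = 0; j < sizeof passthrough / sizeof passthrough[0]; j++)
            if (strncmp(envp[i], passthrough[j], strlen(passthrough[j])) == 0) {
                if (n + 1 >= cap) return -1;
                out[n++] = envp[i];
                break;
            }
    out[n] = NULL;
    return (int)n;
}

int main(int argc, char *argv[], char *envp[])
{
    char *clean[16];
    (void)argc;
    if (!uid_allowed(getuid()) || build_clean_env(envp, clean, 16) < 0) return 1;
    if (setuid(200) != 0) return 1;  /* refuse to continue if the switch fails */
    execve("/usr/local/bin/changedate.prl", argv, clean);
    return 1;                        /* only reached if execve failed */
}
```

Variables such as PERL5LIB, LD_PRELOAD or a caller-supplied SHELL never reach the script because they are not on the passthrough list.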