Re: Authentication: Please critique my solution.
Re: Authentication: Please critique my solution.
- Subject: Re: Authentication: Please critique my solution.
- From: Terry Simons <email@hidden>
- Date: Fri, 10 Oct 2003 23:25:14 -0600
Thanks for the clarification. :-)
I guess I shouldn't haphazardly adopt the terminology of my colleagues
without further research. ;-)
- Terry
On Oct 10, 2003, at 4:52 PM, Alastair J.Houghton wrote:
On Friday, October 10, 2003, at 08:21 pm, Huyler, Christopher M wrote:
I thought I read somewhere that OSX will remove the sticky bit after a
certain period of time. Is this true? Right now, all of our scripts
are installed as "root:admin 0555" but they parse 'id' to check the
uid
and only continue if it is root.
Just to clear up a matter of terminology, the "s" permission bit
(04000 or 02000) is *not* the "sticky" bit. The "s" bit is the
"setuid" bit (or the "setgid" bit if it's set for the group rather
than the user). The "t" bit (01000) is the sticky bit, and controls
the behaviour w.r.t. files created within a directory; the sticky bit
shouldn't generally be set on files because different flavours of UN*X
behave in different ways when they encounter such a file.
(See "man 2 chmod" for more information.)
It is generally considered a *major* security risk using scripts with
their setuid bit set (at least, where the bit is used to gain
privileges as opposed to losing them). There are a wide variety of
security holes inherent in the shell that are hard to code around;
take a look at this thread from Bugtraq:
http://lists.insecure.org/lists/bugtraq/1995/Feb/0095.html
Kind regards,
Alastair.
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.