Re: How Do I Run a Java App with Superuser Privileges?
Re: How Do I Run a Java App with Superuser Privileges?
- Subject: Re: How Do I Run a Java App with Superuser Privileges?
- From: Justin Walker <email@hidden>
- Date: Tue, 14 Dec 2004 08:18:28 -0800
On Dec 14, 2004, at 0:54, Michael Maibaum wrote:
On Mon, Dec 13, 2004 at 10:08:59PM -0800, Justin Walker wrote:
On Dec 13, 2004, at 21:45, James Berry wrote:
On Dec 13, 2004, at 9:24 PM, Justin Walker wrote:
On Dec 13, 2004, at 21:11, James Berry wrote:
[snip]
Most systems will not permit shell scripts to execute 'setuid'.
Works for me... (TM). (Note the euid...)
Well, well, well, ....
It'll take me a while to figure this one out. Seems that bash and sh
have somewhat different behaviors:
Historically bash when run as sh gives up setuid privs as a security
precaution. Apple changed this in bash because zsh doesn't do this and
people had written scripts to be executed by sh (which was zsh then)
which relied on the elevated privs. Thus the recent Adobe Version Cue
security flaw (which is really an Apple derived problem).
I think the BSD people were a bit unhappy with this change ;)
On Dec 14, 2004, at 6:01, Allan Nathanson wrote:
Change bar.sh to be :
#!/bin/bash -p
id
ps -utp1
... and note the "-p" bash argument which is described in the last
paragraph of the "INVOCATION" section of the man page.
Geez, what a tangled web...
It seems simpler to me to just drop the setuid bit and be done with it.
This is so complicated that it invites abuse...
Thanks for the clarifications.
Regards,
Justin
--
Justin C. Walker, Curmudgeon-At-Large *
Institute for General Semantics | If you're not confused,
| You're not paying attention
*--------------------------------------*-------------------------------*
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden