On Dec 14, 2004, at 0:54, Michael Maibaum wrote:

On Dec 13, 2004, at 21:45, James Berry wrote:

Well, well, well, ....

On Dec 14, 2004, at 6:01, Allan Nathanson wrote:

Change bar.sh to be:

    #!/bin/bash -p
    id
    ps -utp1

Geez, what a tangled web... Thanks for the clarifications.

Regards,

Justin

--
Justin C. Walker, Curmudgeon-At-Large  *
Institute for General Semantics        | If you're not confused,
                                       | You're not paying attention
*--------------------------------------*-------------------------------*

On Mon, Dec 13, 2004 at 10:08:59PM -0800, Justin Walker wrote:

On Dec 13, 2004, at 9:24 PM, Justin Walker wrote:

On Dec 13, 2004, at 21:11, James Berry wrote:

[snip]

Most systems will not permit shell scripts to execute 'setuid'.

Works for me... (TM). (Note the euid...)

It'll take me a while to figure this one out.

Seems that bash and sh have somewhat different behaviors:

Historically bash when run as sh gives up setuid privs as a security precaution. Apple changed this in bash because zsh doesn't do this and people had written scripts to be executed by sh (which was zsh then) which relied on the elevated privs. Thus the recent Adobe Version Cue security flaw (which is really an Apple derived problem). I think the BSD people were a bit unhappy with this change ;)

... and note the "-p" bash argument which is described in the last paragraph of the "INVOCATION" section of the man page.

It seems simpler to me to just drop the setuid bit and be done with it. This is so complicated that it invites abuse...
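
An added example, not part of the thread and not code from any of the posters: a POSIX sh audit that lists set-uid/set-gid files which are interpreter scripts and flags shebang lines that pass "-p" (the bash option mentioned above, which keeps the effective uid instead of resetting it). The function names and the tab-separated output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find set-id scripts so the set-id bit can be reviewed or dropped.

# classify_shebang LINE
# Prints "privileged-mode" if a short-option word after the interpreter
# contains 'p' (e.g. -p, -ep), otherwise "plain". Splitting the line on
# whitespace is an approximation of how kernels pass shebang arguments.
classify_shebang() {
    set -f                       # no globbing while word-splitting the line
    set -- ${1#\#!}              # strip "#!" and split into words
    set +f
    if [ "$#" -gt 0 ]; then shift; fi   # drop the interpreter path
    for w in "$@"; do
        case "$w" in
            --*) ;;                              # long options: ignore
            -*p*) echo "privileged-mode"; return 0 ;;
        esac
    done
    echo "plain"
}

# audit_setid_scripts DIR
# Emits "<class>\t<shebang line>\t<path>" for every regular file under DIR
# that has the set-uid or set-gid bit and starts with "#!".
# Paths containing newlines are not handled.
audit_setid_scripts() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        # Skip compiled binaries: only files beginning with "#!" are scripts.
        [ "$(head -c 2 "$f" 2>/dev/null)" = '#!' ] || continue
        first=$(head -n 1 "$f")
        printf '%s\t%s\t%s\n' "$(classify_shebang "$first")" "$first" "$f"
    done
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_setid_scripts "$1"
fi
```

Any line it reports is a candidate for the remedy suggested at the end of the thread: remove the set-id bit from the script.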