On Dec 13, 2004, at 21:45, James Berry wrote:

Well, well, well, ....

Historically bash when run as sh gives up setuid privs as a security precaution. Apple changed this in bash because zsh doesn't do this and people had written scripts to be executed by sh (which was zsh then) which relied on the elevated privs. Thus the recent Adobe Version Cue security flaw (which is really an Apple derived problem).

I think the BSD people were a bit unhappy with this change ;)

Michael

Thanks for digging in further...

Regards,

Justin

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (Darwin-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/darwin-dev/michaelm%40opendarwin.org

This email sent to michaelm@opendarwin.org

On Mon, Dec 13, 2004 at 10:08:59PM -0800, Justin Walker wrote:

On Dec 13, 2004, at 9:24 PM, Justin Walker wrote:

On Dec 13, 2004, at 21:11, James Berry wrote:

[snip]

Most systems will not permit shell scripts to execute 'setuid'.

Works for me... (TM). (Note the euid...)

It'll take me a while to figure this one out.
Seems that bash and sh have somewhat different behaviors:

    $ cat foo.sh
    #!/bin/sh
    id
    ps -utp1
    $ cat bar.sh
    #!/bin/bash
    id
    ps -utp1
    $ls -l *.sh
    -r-sr-xr-x  1 root  staff  24 13 Dec 22:01 bar.sh
    -r-sr-xr-x  1 root  staff  22 13 Dec 22:00 foo.sh
    $ foo.sh
    uid=10180(justin) euid=0(root) gid=20(staff) groups=20(staff), 79(appserverusr), 80(admin), 81(appserveradm)
    USER    PID %CPU %MEM   VSZ  RSS  TT  STAT STARTED    TIME COMMAND
    justin  281  0.2  0.2 18644 1392 std  S    4Dec04  0:01.57 -bash
    root    279  0.0  0.3 27540 2000 std  Ss   4Dec04  0:00.04 login -pf ju
    root   4373  0.0  0.1 18644  564 std  S+  10:00PM  0:00.03 sh ./foo.sh
    root   4375  0.0  0.1 18076  684 std  R+  10:00PM  0:00.02 ps -utp1
    $ bar.sh
    uid=10180(justin) gid=20(staff) groups=20(staff), 79(appserverusr), 80(admin), 81(appserveradm)
    USER    PID %CPU %MEM   VSZ  RSS  TT  STAT STARTED    TIME COMMAND
    justin 4378  3.0  0.1 18644 1012 std  S+  10:01PM  0:00.01 bash ./bar.s
    root    279  0.0  0.3 27540 2000 std  Ss   4Dec04  0:00.04 login -pf ju
    justin  281  0.0  0.2 18644 1392 std  S    4Dec04  0:01.57 -bash
    root   4380  0.0  0.0 18076  308 std  R+  10:01PM  0:00.01 ps -utp1

Looks to me like there is either a compatibility issue at play, or a bug in the system somewhere...

'tcsh' and 'bash' behave the same: scripts can't execute as setuid root. For 'sh', it appears they can...weird.

--
Justin C. Walker, Curmudgeon-At-Large  *
Institute for General Semantics        | "Weaseling out of things is what
                                       |  separates us from the animals.
                                       |  Well, except the weasel."
                                       |    - Homer J Simpson
*--------------------------------------*-------------------------------*

--
Dr Michael A. Maibaum
internet: mike@maibaum.org http://mike.maibaum.org/
voice: [m] 07813 713 952 [w] (020) 7679 3890
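
An added example, not part of the thread or anyone's posted code: because the result shown above depends on which interpreter a set-uid script names on its `#!` line, this POSIX shell function lists set-uid and set-gid files that are scripts, together with that interpreter. The function name `audit_setid_scripts` and the output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report set-uid / set-gid files that are "#!" scripts,
# plus the interpreter each one names.
# Output, one finding per line:
#   <setuid|setgid|setuid+setgid> <interpreter> <path>
# Usage: audit_setid_scripts /path/to/scan

audit_setid_scripts() {
    # ${1:-.} is the directory to scan (defaults to the current directory).
    # Errors from unreadable files and directories are discarded.
    find "${1:-.}" -type f \( -perm -4000 -o -perm -2000 \) -exec sh -c '
        for f do
            # Only files whose first two bytes are "#!" are scripts;
            # compiled set-uid binaries are skipped here.
            magic=$(dd if="$f" bs=2 count=1 2>/dev/null)
            [ "$magic" = "#!" ] || continue

            # Split the first line into words. Handles both
            # "#!/bin/sh" and "#! /bin/sh -x" forms.
            w1= w2= rest=
            read -r w1 w2 rest < "$f" || :
            case $w1 in
                "#!") interp=$w2 ;;
                *)    interp=${w1#??} ;;
            esac

            # Record which of the two mode bits are set.
            bits=
            [ -u "$f" ] && bits=setuid
            [ -g "$f" ] && bits=${bits:+$bits+}setgid
            printf "%s %s %s\n" "$bits" "$interp" "$f"
        done
    ' sh {} + 2>/dev/null
}
```

Each finding is a candidate for replacement with a compiled wrapper or for removal of the mode bit, since whether the script runs with the elevated euid depends on the interpreter named in the second column.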