[lug] Cron ssh suid problem

Tkil tkil at scrye.com
Fri Sep 7 15:24:34 MDT 2001


>>>>> "Glenn" == Glenn Murray <gmurray at Mines.EDU> writes:

Glenn> I am trying to run a shell script from cron. [...]  Why doesn't
Glenn> the suid bit work?

most systems no longer allow setuid scripts; they are too easy to
abuse (in the sense that they are relatively easy to exploit to gain
access; the attack i remember involved running the script at such a
high nice level that you could link a different script in between the
time it established credentials and actually started parsing the
file.  there might also have been an IFS-based attack...).

the way around this is usually by using a small C wrapper that does
the setuid work, then execs the script as the appropriate user.  see,
for example, "suexec" as ships with apache.

as for your current problem, i don't know enough about how ssh uses
identity files to help.

t.
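
The wrapper approach described in the reply above, as an added example (not part of the original post and not Apache's suexec code): a setuid-root C program that switches to a fixed account and execs a fixed script with a clean environment. The script path, the account name and the file-trust check are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE           /* for setgroups() and lstat() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical values, fixed at compile time: the caller cannot choose them. */
#define SCRIPT_PATH "/usr/local/libexec/nightly-sync.sh"
#define RUN_AS_USER "syncuser"

/* Nothing is inherited from the caller: no IFS, no caller-controlled PATH. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", NULL };

/* Accept only a regular file owned by root that group/other cannot write.
 * The directories above it must be root-owned as well (not checked here). */
int script_is_trusted(const struct stat *st) {
    return S_ISREG(st->st_mode) && st->st_uid == 0 &&
           (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Drop supplementary groups, then gid, then uid; confirm root is gone. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;  /* regained root: abort */
    return (getuid() == uid && geteuid() == uid) ? 0 : -1;
}

int main(void) {
    struct stat st;
    struct passwd *pw = getpwnam(RUN_AS_USER);
    if (pw == NULL || pw->pw_uid == 0) {
        fprintf(stderr, "wrapper: bad target user\n");
        return 1;
    }
    if (lstat(SCRIPT_PATH, &st) != 0 || !script_is_trusted(&st)) {
        fprintf(stderr, "wrapper: refusing untrusted script\n");
        return 1;
    }
    if (drop_privileges(pw->pw_uid, pw->pw_gid) != 0) {
        fprintf(stderr, "wrapper: could not drop privileges\n");
        return 1;
    }
    char *const argv[] = { "/bin/sh", SCRIPT_PATH, NULL };
    execve("/bin/sh", argv, CLEAN_ENV);
    perror("execve");
    return 1;
}
```

The setuid bit goes on the compiled binary, not on the script; the script itself stays an ordinary root-owned file.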
