Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'setuid scripts are insecure!' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
setuid scripts are insecure!
Authored by: hayne on Nov 16, '03 01:59:49PM
It is generally considered that setuid root shell scripts are insecure and hence should not be used. (The 'chmod u+s' makes the script setuid - i.e. it runs with the priviledges of the owner, which is root.) The setuid facility should only be used for compiled executables where the insecurity is much less. Or write the script in Perl and use the 'taint' facility.

Instead of making the script setuid, you should run it with 'sudo'.

Reference on the insecurity of setuid root scripts:
Sys Admin magazine



[ Reply to This | # ]