setuid scripts

Marek Cendrowicz · ‎12-23-2002

Consider following:

==== CUT HERE ====
(marec@flex02:/tmp)$ cat ./test.ksh
#!/bin/ksh
# Suid script ?

echo "---START---"
/usr/bin/id
echo "---STOP---"
(marec@flex02:/tmp)$ ls -l ./test.ksh
-r-sr-xr-x 1 root sys 77 Dec 23 16:43 ./test.ksh
(marec@flex02:/tmp)$ ./test.ksh
---START---
uid=29946(marec) gid=601(wawapp) euid=0(root)
---STOP---
==== CUT HERE ====

And now on different HP-UX:

==== CUT HERE ====
helmut:/home/staff/rba$ cat p
#!/bin/ksh
# Suid script ?

echo "---START---"
/usr/bin/id
echo "---STOP---"

helmut:/home/staff/rba$ ls -l p
-r-sr-x--- 1 root staff 78 Dec 23 15:05 p

helmut:/home/staff/rba$ ./p
./p: Setuid execution not allowed
---START---
uid=501(rba) gid=100(staff)
---STOP---
==== CUT HERE ====

Both machines are:

(marec@flex02:/tmp)$ uname -sr
HP-UX B.11.00

What could be different here? exec(2) tells that setuid is not supported on scripts, but I can run them on one machine, but not on the other. Is this some (undocummented?) kernel parameter or ? All suggestions really appriciated.

Regards,
Marek C.

H.Merijn Brand (procura · ‎12-23-2002

First thing that drops my mind is that it is possible to permit/deny SUID scripts on a per filesystem basis. You can check using sam or

# grep -i suid /etc/fstab

if I'm not mistaken

Enjoy, Have FUN! H.Merijn

John Payne_2 · ‎12-23-2002

Are you sure you are a member of the group 'staff' on helmut? What happens if you (temporarily) do a 'chmod 555 p' and try to run it again?

Or if your primary group is not staff, chown the file to your primary group.

Hope it helps

John

Spoon!!!!

ConnieK · ‎12-24-2002

Have you checked how the file system is mounted? Check to see if it's mounted "no suid."

Independent by nature

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

setuid scripts

setuid scripts

Re: setuid scripts

Re: setuid scripts

Re: setuid scripts