abc@Matrix.COM (Alan Clegg) (07/19/90)
Yes, I know that SUID shell scripts may be hazardous to my health, but
anyway...

Executing a setuid (root) script causes file tests to work differently
when run on an AViiON and when run on a Sun. Here is the shell script
that causes the problem:

-----CUT HERE-----
#!/bin/sh
# When non-SETUID (not as root), this code responds with
# 'correct operation' on both DG/UX 4.30 and SunOS 4.1
# When run BY root, it returns 'oops' on both platforms.
# NOW THE FLAKEY SITUATION:
# When run as SETUID root by some other uid, it returns 'correct operation'
# on the Sun, but 'oops' on DG/UX.
# This is caused by checking the file permissions with the effective uid, not
# the real uid. This causes problems in SETUID scripts checking for
# writability (by the invoker) of files.

rm -f /tmp/test
touch /tmp/test
chmod 555 /tmp/test

# Show who we are (NOTE THE 'euid').
id

# If the file is writable, we have a problem, or are running as root.
if [ -w "/tmp/test" ] ; then
    echo "oops... /tmp/test is writable"
else
    echo "correct operation: /tmp/test is NOT writable"
fi
-----CUT HERE-----

Now, is the correct operation to do the { if [ -w ... ] } as the REAL or
the EFFECTIVE uid? As noted, I have checked this with an AViiON and on a
Sun, but don't have root access on any other machine types....

Any opinions are welcome!

Thanks,
-abc
---
      __   _
     / // \        Matrix         Alan B. Clegg
    / // /_        Corporation    UNIX Systems Administrator
   / // // \                      (919) 231-8000
  / // //   \      UUCP: ...!mcnc!matrx!clegg (NOTE: no i in matrx)
 / // //     \     Internet: clegg@matrix.com (Note: matrix has an i)
/_//__//_______\