Very Computer

Hi.
I wrote a shell script (called 'turnin'), which I set SUID bit on.
The purpose of this shell script is that students use it for submitting
their programming assignments into my directory.

One problem is that since the effective uid becomes my uid when
a student runs the turnin script, he has to give the read permission
to others  to the files that he is going to submit.

Is there any good solution for this ?
BTW, we are using ULTRIX 4.2 system.

Thanks, in advance.

--
____   ____  ____ ______________________________________ (__) _________________

|  |   |  |__|  |  Bovinetic Algorithm Design     o=======\/  I'm  a Cow Lover.
|  |   |        |  Dept. of Computer Science    / |     ||   My wife  was born
\  |---|  |--|  |  University of Houston       *  ||w---||   in Cow year.  Mooo
 \____/|__|  |__| ________________________________^^    ^^_____________________

Because I want to take control over my directories.  Besides the homeworks
submission, my shell script also handles such things like : turnin LOG,
turning off the submission,  LATE homework submission directory, ..etc.
So, I must have a complete control, which means that the students should be
able to write in my directory only in a way my shell script controls.

One non-satisfactory way, which I have been using, and which was suggested
by someone here, is to give the turnin script just executable permission,
and calls a set of SUID scripts in the turnin script.
This just works, but it is undesirable, since :
   1) first, turnin script should copy the files to /tmp/$$ and then
      give it to read permission.
      This is only for a very short time, since they are going to deleted
      after being copied to my directory, but it is a security hole, anyway.
   2) If the students are smart, they can execute only SUID scripts which
       should have been called by turnin,
      by which they can avoid the turnin's control.

Best way would be
   that uid and effective uid have the same permissions ( 8-) ).

--
____   ____  ____ ______________________________________ (__) _________________

|  |   |  |__|  |  Bovinetic Algorithm Design     o=======\/  I'm  a Cow Lover.
|  |   |        |  Dept. of Computer Science    / |     ||   My wife  was born
\  |---|  |--|  |  University of Houston       *  ||w---||   in Cow year.  Mooo
 \____/|__|  |__| ________________________________^^    ^^_____________________

Quote:>I wrote a shell script (called 'turnin'), which I set SUID bit on.
>The purpose of this shell script is that students use it for submitting
>their programming assignments into my directory.

SetUID scripts are BAD!! On most (probably all) systems there are at
least one bug that can be used together with a SUID script to get
access to that persons account!

On most systems there are more than one way to do this... Perl and
real programs is probably the only things that ever should get the
SUID-bit, and with both you have to take special precautions to see
that it really works (One example is the old Emacs-bug that allowed
anyone to get root-access, it's removed since long time now)...

Quote:>One problem is that since the effective uid becomes my uid when
>a student runs the turnin script, he has to give the read permission
>to others  to the files that he is going to submit.

Also possible to avoid in a real program (for example in C). The
output-file could be opened using your UID, then it could switch back
to the original UID and open the input-file.

Quote:>Hi.
>I wrote a shell script (called 'turnin'), which I set SUID bit on.
>The purpose of this shell script is that students use it for submitting
>their programming assignments into my directory.

>One problem is that since the effective uid becomes my uid when
>a student runs the turnin script, he has to give the read permission
>to others  to the files that he is going to submit.

>Is there any good solution for this ?

As far as I can tell, the only obvious solution is to start to
processes: one running with uid=studentID and the other setuid and
make them exchange messages by some pipe. (an easy way to do this is
to pipe the interesting files through tar and then to your setuid
script that will untar the whole thing and ...

        Stefan
--

-----------------------------------------------------
-- On the average, people seem to be acting normal --
-----------------------------------------------------

Quote:>I wrote a shell script (called 'turnin'), which I set SUID bit on.
>The purpose of this shell script is that students use it for submitting
>their programming assignments into my directory.
>One problem is that since the effective uid becomes my uid when
>a student runs the turnin script, he has to give the read permission
>to others  to the files that he is going to submit.

    What would be wrong with creating a directory inside your home
directory, and giving it permission 0730 to the students group?
If the students aren't all in the same group, a setgid script should
work, shouldn't it?
    I just tried this by creating a directory in my root home directory
with write permission for group user, and then copied a file in as a
user with all read premissions set. As the owner of the file, I still
can't read it in the write only directory.

--
John Henders       GO/MU/E d* -p+ c+++ l++ t- m--- s/++ g+ w+++ -x+