Quote:>When I set the s-bit on a shell-script, it is ignored by the kernel.
>I think that is what all UNIXes do, I tried it with Linux.
>But I don't know why this is done. Does there exist an exploit,
>or is it just too easy to write insecure SUID-root shell scripts ?
In my experience (limited as it is) I've found most discouraged the use of
SUID bit if ti isnt absolutely neccessary.
Quote:>So my second question is, is it secure to give a shell script
>root privileges with sudo ?
You could, but why not just put `mount /mnt/cdrom` and `umount /mnt/cdrom`
in the sudoers file instead. That way you dont have to worry about
wherther the shell script will be secure :) But Honestly, I believe it
would be fine. I have a sudoers file setup on some of my work machines so
users can start and stop certain services on their machines.
Quote:>And third, if it is not secure in general, is it secure when
>I just use a very simple shell script without commandline parsing ?
Dont know enough about shell scripts t oknow whether one can trap command
line arguments, but Id tentatively say yes. however, if you're running the
shell script via sudo, then command line arguments should be an issue, as
the command issued must match the command listed in the sudoers files for a
given user (or group).
>I want to enable my users to mount the cdromdrive under OpenBSD,
>and I have not found an 'user' fstab option as it exists in Linux.
>So I wrote a script like this
>and put it into sudoers.
I'll leave it to the securty guru's to tell you whether what you've written
would be problematic, But it looks ok to me (FWIW).
20 days, 5 hours and 53 minutes remaining.