Bad idea
Linux
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
How to break user mode protections in 1 quick misstep!
Just like when an admin hands out sudo rights to run a custom script without locking down the script itself.
Oh, in the 90s I worked at a big defense contractor, one of a shell script had a suid on it, so just by creating a symbolic link named "-x" pointing to the script, and executing it, you entered in a root shell ☺️
Avoid using sudo and setuid by writing your own sudo program using setuid?
How to run a shell script with root permisions without sudo? su to root. Or set up the correct permissions for the script and whatever it needs to touch, and add your user to any required groups, so that you don't need to be root to run the script. Rolling your own solution is never a good idea for anything security-related.
Or create a service running with limited access to specific resources, and create an API for users to make requests to that service.
Do you know how many times I've made some little bit of shell code "setuid" by writing a shitty little C program that just calls system()?