Difference between revisions of "Setuid wrapper"
From WA2IAC Wiki
(Template for a Bad Idea: SETUID Wrapper) |
|||
Line 1: | Line 1: | ||
− | Occasionally, or, OK, frequently, it's necessary to reliably setuid a script when this is otherwise prohibited. When that happens, write a wrapper. It's best NOT to make this a general purpose tool so as to not create yet another way for the NSA to get into your computer... | + | Occasionally, or, OK, sometimes frequently, it's necessary to reliably setuid a script when this is otherwise prohibited. When that happens, write a wrapper. Note that the security issues surrounding this are NOT discussed here. This article assumes you are not a n00b, and that you understand fully the security issues and implications. This article also assumes you already know about suid, creating C executables, and so on. It's best NOT to make this a general purpose tool so as to not create yet another way for the NSA (or other unauthorized entity) to get into your computer and become root... that's just one example of the errors in judgment that can be made with this info. Kids, don't try this at home. |
− | 1. Create your script | + | 1. Create your script. |
2. Write the wrapper: | 2. Write the wrapper: | ||
Line 26: | Line 26: | ||
4. setuid the executable | 4. setuid the executable | ||
<pre> | <pre> | ||
− | + | sudo -i | |
− | + | ||
chown root.root mywrapper | chown root.root mywrapper | ||
chmod 4755 mywrapper | chmod 4755 mywrapper |