[Kc] Shell script to execute system command as another user

David Nicol davidnicol at pay2send.com
Tue May 4 18:43:44 CDT 2004

As I understand it the big risk with set-UID programs is
the possibility that a user can alter the operation of the
run-time linking to run arbitrary code.

I believe this risk can be mitigated by creating
a statically linked compiled wrapper which is owned by cyrus
and, after performing any additional security checks, such
as verifying that certain environment variables are within
expectations, execs the script.

What other risks are associated with set-uid programs and
how can they be mitigated?

Frank Wiles wrote:
> On Mon, 03 May 2004 12:50:19 -0500
> Brad <brad at bradandkim.net> wrote:
>>On Mon, 2004-05-03 at 11:22, John Reinke wrote:
>>>I'd probably accomplish this through file permissions. Make the
>>>script owned by 'cyrus' and also use the set-ID option (see the
>>>chmod manpage). When it executes, it will execute as the file owner,
>>>no matter who runs it.

davidnicol at pay2send.com.
I know you, junk mail. Gonna miss you when you're gone

More information about the kc mailing list