From: prl@iis.ethz.ch (Peter Lamb)
Newsgroups: alt.sources
Subject: Re: sux, an enhancer for su
Message-ID: <prl.672649640@iis>
Date: 26 Apr 91 07:07:20 GMT

peltz@cerl.uiuc.edu (Steve Peltz) writes:
>WILL work, wouldn't the following one-line shell script do just as well?

  N O O O O O O O O !!!!!!

>Maybe there's a reason; maybe the "groups" command is Sun specific or
>something...

  No.	

>Don't forget to change it to be owned by root and setuid and executable...

If I can execute a setuid root script I can become root (independent of
its contents). So can a very large range of other people. Some of them
not friendly enough to warn you about it.

>Sorry - not in shar format; why put in an extra 20 lines to wrap 2?

>#!/bin/sh
>groups | grep -s wheel && su $* || echo Sorry

Don't do it!

Don't install this script. Don't make it set{uid,gid}.

Setuid shell scripts are security holes!


--
Peter Lamb
uucp:  uunet!mcsun!ethz!prl	eunet: prl@iis.ethz.ch	Tel:   +411 256 5241
Integrated Systems Laboratory
ETH-Zentrum, 8092 Zurich
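
An added example, not part of the original post or of sux: a POSIX sh audit that lists files carrying the set-uid or set-gid bit whose first two bytes are `#!`, so that installed scripts of the kind warned about above can be found and have the bit cleared. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit a directory tree for set-uid / set-gid scripts.
# Function names are hypothetical, chosen for this example.

# Print the path of every regular file under $1 (default /) that has the
# set-uid or set-gid bit set and begins with "#!", i.e. is an interpreter
# script rather than a compiled binary.
find_setid_scripts() {
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec sh -c '
            for f do
                # Read the first two bytes only; tr drops any NUL so the
                # shell does not complain when the file is a binary.
                magic=$(dd if="$f" bs=2 count=1 2>/dev/null | tr -d "\000")
                if [ "$magic" = "#!" ]; then
                    printf "%s\n" "$f"
                fi
            done
        ' sh {} +
}

# Report the findings on stderr. Returns 0 when the tree is clean and 1
# when at least one set-id script exists, so it can gate a cron or CI job.
audit_setid_scripts() {
    hits=$(find_setid_scripts "$1")
    [ -z "$hits" ] && return 0
    printf 'set-id scripts under %s:\n%s\n' "$1" "$hits" >&2
    printf 'clear the bits with: chmod ug-s FILE\n' >&2
    return 1
}

# Run the audit only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_setid_scripts "$1"
fi
```

Run it as `sh audit.sh /usr/local` (the file name is arbitrary); `-xdev` keeps the scan on one filesystem, so repeat it per mount point.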
