https://github.com/unleashed/suid-script

This package provides a tool to allow shell scripts to run honoring setuid modes
https://github.com/unleashed/suid-script

Last synced: 2 days ago
JSON representation

This package provides a tool to allow shell scripts to run honoring setuid modes

• Host: GitHub
• URL: https://github.com/unleashed/suid-script
• Owner: unleashed
• License: gpl-3.0
• Created: 2014-02-19T18:02:32.000Z (over 12 years ago)
• Default Branch: master
• Last Pushed: 2021-06-20T17:41:42.000Z (almost 5 years ago)
• Last Synced: 2023-03-11T09:56:23.883Z (over 3 years ago)
• Language: C
• Homepage:
• Size: 43 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Changelog: ChangeLog
  • License: COPYING

Awesome Lists containing this project

README

          
# suid-script

This package provides a tool to allow shell scripts to run honoring setuid

modes.

This allows a non-privileged user to run those scripts just as she would run

any other setuid binary. In order for this to happen securely you have to

install the setuid script without world nor group writable permissions and

enable the setuid and/or setgid permissions.

`suid-script` will run the shell script using the uid and gid of the user

owner and group owner if their respective setuid/setgid bits are enabled and

the script has no world or group writable permissions.

## Requirements

* A Unix-like OS.

* A shell script at /bin/sh

## Build & Install

This requires the GNU Autotools to build.

```

$ ./autogen.sh

$ ./configure && make && make install

```

## Shell script

The shebang line of shell scripts will NOT be respected. Instead, this

program will run `/bin/sh - `. You can however easily work around

this limitation by adding code to the script in which you test whether the

right shell is being used, and exec() again via the right one if not.

## FAQ

Q: Why?

A: Because it's been useful to me a couple times.

Q: Is this secure?

A: Likely not.

Q: Couldn't this use capabilities?

A: Patches welcome!

Q: Does it work on ?

A: It has been tested to work on Linux, FreeBSD and NetBSD.

Q: Is there a Debian/Ubuntu package?

A: There is a contrib package under `debian` that might or might not work. At

some point this was actually shipping, but nowadays it is untested.

Q: It does not work.

A: That's not a question. But check to see that `suid-script` is installed with

setuid root and that the script also has, at least, setuid , and that it

is not world or group writable.

Q: Why does the script break?

A: Either it requires a different shell than the system's `/bin/sh` and you

need to detect that it is running under not-the-right-shell and exec() itself

via the right one, or the different user/group under which it runs changes its

semantics.

Q: Is this being actively developed?

A: No, this is just a hack to get one job done - but: patches welcome!