Re: SGI / SUID Scripts
Andrew Eye wrote:[color=blue]
> We've got a script running on an SGI box (IRIX 6.3) with permissions
> set 4750. I've turned off the nosuid config item via systune
> (nosuidshells=0) so I'm no longer getting the "Permission Denied"
> error I see posted so often, now I've got a new problem. The script
> now runs, but it fails to inherit the permissions of the owner. The
> script runs with the permissions of the user executing the script.
> The exact same script running on a Sun box works as expected,
> inheriting the permissions of the owner.
> I 've seen some references to changes in IRIX post v6.2 that include
> some "/dev/fd method" for closing security holes presented by suid
> scripts. Might this have something to do with our problem, given that
> we are running 6.3?
What write permissions are there on the file and its directory?
It might be that the write permission is too permissive and suid is being
ignored to prevent a possible security breach. E.g. group or other write
permission would enable some unscrupulous person to edit the script and run
the modified script suid. I don't know if IRIX does this as I never allow