ugh, Linux ignores setuid on shell scripts because people are bad at writing shell scripts. so now i have a bunch of elfs w/ system()
No, the reason is much more subtle. There's an inherent race between kernel invoking suid interpreter & interpreter opening script.
-
-
In this race window you can rm the [symlink/hardlink to the] script and replace it with a malicious one.
-
oh, thanks for that. well, it'll do for changing the brightness on my laptop. all the interesting info is under uid 1000 anyway
-
clearly i'm not going for top-notch security on this one
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.