On Mon, Dec 12, 2005 at 04:03:34PM +0100, Tollef Fog Heen wrote:
> * Justin Pryzby
>
> | I don't suppose md5sums are available?  Does the file change
> | sufficiently often such that it's not reasonable to hardcode an MD5?
>
> It doesn't change, and I have the hashes, so that might be a workable
> approach.
>
> | Ah, maybe this bug is moot anyway.  I seem to recall a thread on LKML
> | (or was it a debian bug log?) where it was pointed out that there is
> | no way to drop privileges in such a way that you can't get them back
> | with seteuid(getsuid()).  In which case, this bug lies in your hands,
> | since I can't think of a clean way to have it run as a user which
> | cannot regain privileges.
>
> setuid(2) seems to disagree with you (for suid root, and we wouldn't
> be suid, we would be run by root).

Bah, I don't know.
How's this?

  md5good="d41d8cd98f00b204e9800998ecf8427e" # NEEDS CHANGING
  f=`mktemp` || exit 1;
  # wget runs as nobody; root's shell does the redirect, because the
  # mktemp file is mode 0600 and nobody could not open it for writing
  su -c "wget -O - http://..." nobody >"$f";
  # md5sum -c expects two spaces between the hash and the file name
  echo "$md5good  $f" |md5sum -c || { echo >&2 "$0: MD5Sum failed!!"; exit 1; }

I don't know if it works in posix sh like posh or dash..

-- 
Clear skies,
Justin
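An added example, not part of the original mail: a POSIX sh check that could stand in for the `md5sum -c` line above. It refuses the placeholder hash, which is the MD5 of empty input and would therefore accept the empty file that `mktemp` leaves behind when the download fails; the function name `check_md5` and its return codes are this example's own.

```shell
#!/bin/sh
# Added example: plain POSIX sh, no bashisms, so it runs under dash as well.

EMPTY_MD5="d41d8cd98f00b204e9800998ecf8427e"   # MD5 of zero bytes of input

# check_md5 FILE EXPECTED
#   0  FILE is a non-empty regular file whose MD5 equals EXPECTED
#   1  digest mismatch
#   2  unusable input: malformed hash, the empty-input hash,
#      or a missing or empty file
check_md5() {
    file=$1 want=$2

    # EXPECTED must be exactly 32 lowercase hex digits.
    case $want in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#want}" -eq 32 ] || return 2

    # A forgotten placeholder must not turn a failed download into a pass.
    [ "$want" != "$EMPTY_MD5" ] || return 2

    # mktemp creates the file before the download starts, so an empty
    # file means nothing was fetched.
    [ -f "$file" ] && [ -s "$file" ] || return 2

    # Feed the file on stdin so its name never appears in md5sum's output,
    # then keep only the digest field.
    got=$(md5sum < "$file") || return 2
    got=${got%% *}

    [ "$got" = "$want" ]
}
```

In the script above it would be called as `check_md5 "$f" "$md5good" || { echo >&2 "$0: MD5Sum failed!!"; exit 1; }`.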