On Tue, Jan 09, 2001 at 11:08:12PM -0800, Henry House wrote:
[snip]
| It is a kernel restriction (warranted or paranoid as the case may be) but it
| can be bypassed if need be by writing a little C wrapper:
| #define REAL_PATH "/path/to/script"
| main(ac, av)
| char **av;
| {
| execv(REAL_PATH, av);
| }
|
| (Shamelessly ripped from perlsec(1p).)
|
Interesting. That's not ANSI C. (It's K&R style)
In ANSI C that would be : (note that it is bad style not to declare
int's, the argument types are declared inline with the signature
rather than on the next line, also I used the more traditional names
for the arguments but that is not significant)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#define REAL_PATH "/path/to/script"
int
main( int argc , char** argv )
{
execv( REAL_PATH , argv ) ;
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Perl does this for you if you choose to use its setuid script facilities.
|
| --
| Henry House
| OpenPGP key available from http://hajhouse.org/hajhouse.asc
