Re: running a background bash script as root. dangerous?

Unruh <unruh-spam@xxxxxxxxxxxxxx> (05-12-31 23:39:53):

> someone92@xxxxxxxxxxx writes:
> >Hi, I've made a bash shell script that may need to be run as root
> >(sometimes). The script will be run as cron job (and could be running
> >for hours when launched). I would like to know if it can be a
> >security issue to run a shell script as root? And what solution could
> >I use if it needs root previleges.
> It should be fine. No different than running the program as root from
> the console.

Some minor differences. Bash is running with a different configuration
for non-interactive shells (i.e. scripts).

> What is dangerous ( and bash will not let you do) is run a shell
> script as suid root.

It's not Bash, which doesn't let you; it's Linux. The SetUID bit on
non-binaries (scripts) has no effect. Hence you also cannot SUID a Perl
script to root. I don't know how it's handled, if the binary
(e.g. /bin/bash) is itself SUID to root, though.

> >I know that a perl script would be more safe, but I wanted to make a
> >shell script.
> No difference in safety.

It's easier to make mistakes in a shell script. Even though the Perl
syntax is horrible, the shell's syntax is even worse.


Relevant Pages

  • IBM Informix Web DataBlade: Local root by design
    ... IBM Informix Web DataBlade: Local root by design ... Impact: Any user who can: 1) Save a Perl script anywhere on the server's ... admin right on any database can do it by loading the WDB module into ...
  • RE: Linux hacked
    ... I would also suggest using a simple script in the future that alerts ... Subject: Linux hacked ... To get back into your account you want to use, at the boot manager ... boot normally and you should be able to login as root with your new ...
  • Re: FC7 - mkpasswd
    ... have to be root and it asks for your password. ... And you can script that from bash how Karl? ... The human race divides itself politically into those who want to be ...
  • Re: BSDstats v3.0 - The Security Rewrite
    ... The bsdstats script could easily pick up that entry and set ... a management machine, and that management machine only has ... Email is sent to root containing IDTOKEN= as generated by host, root forwards that to rpt@xxxxxxxxxxxx, rpt@xxxxxxxxxxxx sends back KEY= value ... second time, submits report values to root, root forwards that to rpt@xxxxxxxxxxxx ... ...
  • Re: Great SWT Program
    ... from a terminal emulator and log in as root there. ... terminal-emulator windows open, ... The script, suid-root utility, or whatever would ... the command interpreter with root privileges ...