[nSLUG] chmod +s , cupsd restart

Donald Teed dteed at artistic.ca
Thu Jun 19 17:10:40 ADT 2003


On Thu, 19 Jun 2003, Peter Cordes wrote:

>  The conventional wisdom about suid wrapper programs is that you should use
> exec(2), _not_ system(3), because system pays attention to all kinds of
> environment variables, and so is easier to exploit (i.e. harder to use
> securely).
> 
>  You could do away with the script entirely, and execl(2) killall -HUP
> cupsd.  (or even write your own code to read /var/run/cupsd.pid and kill(2)
> that pid.

Thanks for the tip/suggestion.

Here is what I tried.  It looked promising, but it
didn't actually trigger cupsd to reset.

I made this program:

main()
{ execl ("killall -HUP cupsd"); }

I compiled it, and did a chmod +s on a.out.  An ordinary
user could run it fine.  But no reset noted in /var/log/cups/error.log.
If I ran a.out as root I do see a verification of
cupsd rereading the files (as intended) in error.log

Any ideas?






More information about the nSLUG mailing list