From: David Chamont <chamont@polhp3.in2p3.fr>
To: Zoltan Hidvegi <hzoli@cs.elte.hu>
Cc: zsh-users@math.gatech.edu
Subject: Re: newgrp
Date: Thu, 12 Dec 1996 15:06:15 +0100 [thread overview]
Message-ID: <32B01157.24A1@polhp3.in2p3.fr> (raw)
In-Reply-To: <199612121344.OAA10133@bolyai.cs.elte.hu>
>
> That's because on Unix systems superuser privileges are required to change
> the primary group id. There is nothing in zsh which would prevent changing
> the GID parameter. If it fails it fails because the OS refused change it.
> Of course some trickery with chgrp and setgid might also help but on secure
> systems normal users have no write access to suid mounted filesystems.
> Also secure systems does not use HP, or if ther use, they definitely do not
> keep suid newgrp since a root exploit was posted recently to bugtraq using
> HP's newgrp (where you can find one or two HP root exploits every week so
> if you subscribe it will not be difficult to install the missing newgrp on
> your machine).
>
It is probably not the best solution, but I went around the lack of
newgrp command by writing the following script, and then asked my
administrator to change the owner to root and mode to 4755,
and finally add the alias newgrp='exec newgrp'.
At least it works !
--------------------------------------------
#!/usr/local/bin/zsh
accord=non
for g in `groups` ; do
if [[ $g = "$1" ]] ; then
group=`ypcat group | grep "^${1}:"`
GID=${${group%:*}##*:}
fi
done
EUID=$UID
exec zsh
--------------------------------------------
Thanks to the people who respond to my question and helped
me find out this solution.
==========================================================================
David Chamont - LPNHE
chamont@polhp3.in2p3.fr
Ecole Polytechnique
01.69.33.44.04
91128 Palaiseau - France
http://polhp5.in2p3.fr:8000/~chamont/
next prev parent reply other threads:[~1996-12-12 14:31 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <32AFD799.7407@polhp3.in2p3.fr>
1996-12-12 10:17 ` newgrp Peter Stephenson
1996-12-12 13:44 ` newgrp Zoltan Hidvegi
1996-12-12 14:06 ` David Chamont [this message]
1996-12-12 14:18 ` newgrp Zoltan Hidvegi
1996-12-12 16:25 ` newgrp Richard Coleman
1996-12-11 18:29 newgrp David Chamont
1996-12-12 9:10 ` newgrp Peter Stephenson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=32B01157.24A1@polhp3.in2p3.fr \
--to=chamont@polhp3.in2p3.fr \
--cc=hzoli@cs.elte.hu \
--cc=zsh-users@math.gatech.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).