Script with sensitive info

Steve Butler sbutler@fchn.com
Thu Jul 24 17:22:02 2003


UnixWare used to check the SUID and GUID bits on a script which I used so
that the script could read files that the user invoking the script couldn't.
For Linux I wrote a C program to emulate that when invoking a script.  

It means doing double de-referencing and that the user can't own the scripts
that read the data.  So far it has kept the developers from figuring out the
database passwords being used by the production scripts.

It is a hassle though having to read their scripts and then changing the
ownership (I read them to be sure they are not planting a "Cuckoo's Egg"
<<grin>>).

-----Original Message-----
From: Anthony E. Greene [mailto:agreene@pobox.com]
Sent: Thursday, July 24, 2003 7:18 AM
To: gnupg-users@gnupg.org
Subject: Re: Script with sensitive info


On 23-Jul-2003/15:48 -0600, Joseph Bruni <jbruni@mac.com> wrote:
>Make it executable but not readable.

Linux does not support that for scripts. You can only execute a script if
it is readable.

Tony
-- 
Anthony E. Greene <mailto:Anthony%20E.%20Greene%20%3Cagreene@pobox.com%3E>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26  C484 A42A 60DD 6C94 239D
AOL/Yahoo Messenger: TonyG05    HomePage: <http://www.pobox.com/~agreene/>
Linux. The choice of a GNU generation <http://www.linux.org/>
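
A sketch of the kind of launcher described in the reply above, added here as an example; it is not Steve Butler's program. Because Linux ignores the setuid bit on scripts, a small setuid C binary checks the script's ownership and then runs it. The policy in `script_is_trusted`, the `/bin/sh` interpreter and the fixed `PATH` are assumptions.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* for O_NOFOLLOW and setreuid() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed policy: the script must be a regular file owned by the account the
 * launcher is setuid to, never by the invoking user, and not writable by
 * group or others. */
int script_is_trusted(const struct stat *st, uid_t invoker, uid_t service)
{
    if (!S_ISREG(st->st_mode))              return 0;
    if (st->st_uid == invoker)              return 0;
    if (st->st_uid != service)              return 0;
    if (st->st_mode & (S_IWGRP | S_IWOTH))  return 0;
    return 1;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s script [args...]\n", argv[0]);
        return 2;
    }
    /* Open first, then fstat() the descriptor, so the file that was checked
     * is the file that gets run (no check/use race on the path). */
    int fd = open(argv[1], O_RDONLY | O_NOFOLLOW);
    struct stat st;
    if (fd < 0 || fstat(fd, &st) != 0) { perror(argv[1]); return 1; }
    if (!script_is_trusted(&st, getuid(), geteuid())) {
        fprintf(stderr, "%s: not a trusted script\n", argv[1]);
        return 1;
    }
    /* Make real uid == effective uid so the shell does not drop privileges. */
    if (setreuid(geteuid(), geteuid()) != 0) { perror("setreuid"); return 1; }

    char path[32];
    snprintf(path, sizeof path, "/dev/fd/%d", fd);
    char *envp[] = { "PATH=/usr/bin:/bin", NULL };  /* discard caller's environment */
    argv[0] = "sh";
    argv[1] = path;
    execve("/bin/sh", argv, envp);
    perror("execve");
    return 1;
}
```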

