secure_sid_scripts man page on HP-UX

Man page or keyword search:  
man Server   10987 pages
apropos Keyword Search (all sections)
Output format
HP-UX logo
[printable version]

secure_sid_scripts(5)					 secure_sid_scripts(5)

NAME
       secure_sid_scripts - controls whether setuid and setgid bits on scripts
       are honored

VALUES
   Failsafe
   Default
   Allowed values
   Recommended values
DESCRIPTION
       This tunable controls whether and bits on executable scripts  have  any
       effect.	 Honoring  on  scripts	make  a system vulnerable to attack by
       malicious users.

       The default value for this variable is 1, indicating that bits  are  to
       be  ignored by the execve(2) system call for higher security.  The tun‐
       able can be set to 0 for a compatibility with  older  releases  at  the
       expense	of security.  Hewlett-Packard strongly recommends that you not
       change the value of this tunable unless there is an urgent need	to  do
       so.

       When a script with bits is executed, the kernel generates the following
       error message to both the terminal controlling and the system log.  (To
       view the error message, use dmesg(1M) or inspect

   Who is Expected to Change This Tunable?
       Administrator.

   Restrictions on Changing
       Changes	to  this tunable take effect for new scripts started after the
       change.

   When Should the Value of This Tunable Be Changed?
       This tunable controls operational  modes	 rather	 than  data  structure
       sizes  and  limits.   The  appropriate  setting for a system depends on
       whether you consider security or compatibility to be most important.

       A value of is compatible with previous releases of  HP-UX,  but	it  is
       also less secure.

       A  value of provides security against race condition attacks exploiting
       scripts.

   What Are the Side Effects of Changing the Value
       This tunable controls only executable scripts (not programs)  with  bit
       set.   HP-UX  does  not	ship  with  any such scripts.  If the customer
       wishes to use scripts, third party applications such as or can be used.
       Alternatively,  the  shell  script can be wrapped in a simple C program
       that runs the shell script with appropriate permissions:

   What Other Tunable Values Should Be Changed at the Same Time?
       None.

WARNINGS
       None.  All HP-UX kernel tunable parameters are release specific.	  This
       parameter may be removed or have its meaning changed in future releases
       of HP-UX.

       Installation of optional kernel software, from HP or other vendors, may
       cause  changes  to  tunable parameter values.  After installation, some
       tunable parameters may no longer be at the default or recommended  val‐
       ues.  For information about the effects of installation on tunable val‐
       ues, consult the documentation for the kernel software being installed.
       For  information	 about	optional  kernel  software  that  was  factory
       installed on your system, see at

FILES
AUTHOR
       was developed by HP.

SEE ALSO
       chmod(1), execve(2), kctune(1M).

			   Tunable Kernel Parameters	 secure_sid_scripts(5)
[top]

List of man pages available for HP-UX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net