HP-UX 11i Version 1.6 Release Notes
Commands and System Calls
execve() System Calls
Chapter 6
The execve*() system calls, in all their forms, load a program from an ordinary,
executable file into the current process, replacing the current program. The path or
file argument refers to either an executable object file or a file of data for an
interpreter. In the latter case, the file of data is also called a script file.
Summary of Change
The execve() system call is changed in HP-UX 11i v1.6 as described in the following
two subsections:
Setuid/Setgid Script Support
A setuid file is one that, if executed, operates with the permissions of the owner of the
file, not of the person executing the file. A setgid file operates similarly with the
permissions of the group.
Details of Change
Beginning in this release, the kernel ignores setuid and setgid bits on scripts for
security reasons. This affects only the scripts, not the executables.
Impact
The setuid and setgid scripts will no longer function properly.
Compatibility
Due to these changes, setuid and setgid scripts no longer function properly.
Attempting to run setuid or setgid scripts results in this warning message:
Warning: Ignoring setuid/setgid on “/tmp/[abc]” as the system tunable “secure_sid_scripts” is set.
This warning is sent to the controlling terminal as well as to syslog.log, which is
located in the /var/adm/syslog/ directory.
To obtain the HP-UX 11i v1.0 compatible behavior, set the dynamic tunable
secure_sid_scripts to 0. Refer to the kmtune(1) manpage for syntax and more
information.
IMPORTANT: Setuid and setgid scripts pose a security threat, so use this tunable
with great care.
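To find the files this change affects, the following added example (not part of the HP release notes) lists regular files that carry a setuid or setgid bit and begin with the "#!" interpreter marker. It assumes a POSIX sh, find, dd and tr; the function name list_sid_scripts is hypothetical.

```shell
#!/bin/sh
# Added example: inventory setuid/setgid scripts under the given directories.
# Output: one line per match, <setuid|setgid|setuid+setgid><TAB><path>

list_sid_scripts() {
    # -perm -4000 matches the setuid bit, -perm -2000 the setgid bit.
    find "$@" -type f \( -perm -4000 -o -perm -2000 \) -exec sh -c '
        for f in "$@"; do
            # A script file starts with the two bytes "#!"; read only those.
            # tr strips NUL bytes so binary files do not confuse the shell.
            magic=$(dd if="$f" bs=2 count=1 2>/dev/null | tr -d "\000")
            [ "$magic" = "#!" ] || continue
            kind=""
            [ -u "$f" ] && kind="setuid"
            [ -g "$f" ] && kind="${kind:+$kind+}setgid"
            printf "%s\t%s\n" "$kind" "$f"
        done
    ' sh {} +
}

# Run against the directories given on the command line, if any.
if [ "$#" -gt 0 ]; then
    list_sid_scripts "$@"
fi
```

Run it with enough privilege to read every candidate file; a file that cannot be read is skipped because its first two bytes cannot be checked.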
Performance
Not applicable.
Obsolescence
As of HP-UX 11i v1.6, the kernel ignores setuid and setgid bits on scripts for security
reasons.