The answer is yes, provided that the script itself is started up
and run through the trusted path. In other words, the script needs
to be started up by the user entering its name on the application
line of the "Start Application" option in the Trusted Path (dxtp)
menu.
If the user is not local to the machine, she/he would have to run
dxtp_remote and display it to her/his local system.
The easiest way to do this is to make a custom version of the scripts,
/bin/tpdump, /bin/tprestore (and /bin/tprestore_inner.sh) [NOTE:
/bin/tprestore_inner.sh was not shipped on the V2.1 kit -- you have
to get it from the V2.1 patch kit via psycho's anonymous ftp or oskits
mls patches area].
/bin/tpdump is a shell script that starts up /bin/dump in the context
of a dxterm client running with the -tpath switch. It will only set
trusted path if you run it from the trusted path. Using this method,
you can start up any program that requires trusted path startup. You
pass it the command arguments to dump ($@) in the "Start Application"
box.
You can customize what your script does when it displays -- e.g., print
a menu or just execute some canned dump requests.
/bin/tprestore is an example of an even more subtle way to invoke
a trusted path program. In order to do a restore, you must "cd" to
the directory into which you want to restore a dump saveset. Because
the "Start Application" Trusted Path environment uses only full
pathnames to prevent environment spoofing, you must pass the name of
the directory to which you want to "cd" for the restore to the shell
script as an option, "-C". This directory is "cd"'d to before invoking
the restore program within a second script, /bin/tprestore_inner.sh,
and passing it the remaining arguments on the command line with $@.
In any case, once you write your shell scripts, you should put them
in a directory that is not world-writable, and put entries for them in
/etc/auth/system/files.
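The "-C" handling described for /bin/tprestore, as an added example (a hypothetical site wrapper, not the shipped script). The names tp_restore, tp_restore_dir and INNER are assumptions made for illustration, and the fixed PATH is an added precaution that the text does not mention.

```shell
#!/bin/sh
# Added example: a hypothetical site wrapper in the style described for
# /bin/tprestore. It is not the shipped script.

# Assumption: full pathname of the program to run after the cd.
INNER=${INNER:-/bin/tprestore_inner.sh}

# Print the directory given with -C after checking it; non-zero on rejection.
tp_restore_dir() {
    if [ "$1" != "-C" ] || [ -z "$2" ]; then
        echo "usage: -C /full/path/to/dir [restore arguments]" >&2
        return 2
    fi
    case $2 in
        /*) ;;                                  # full pathname: accepted
        *)  echo "-C needs a full pathname: $2" >&2
            return 2 ;;
    esac
    if [ ! -d "$2" ]; then
        echo "not a directory: $2" >&2
        return 1
    fi
    printf '%s\n' "$2"
}

# cd to the -C directory, then hand the remaining arguments to $INNER.
tp_restore() {
    dir=$(tp_restore_dir "$@") || return $?
    shift 2
    case $INNER in
        /*) ;;
        *)  echo "INNER must be a full pathname" >&2
            return 2 ;;
    esac
    (
        # Fixed search path (an added precaution, not from the text) so nothing
        # inherited from the caller decides which binaries the inner script finds.
        PATH=/bin:/usr/bin
        export PATH
        cd "$dir" || exit 1
        exec "$INNER" "$@"
    )
}

# The installed script would end with:  tp_restore "$@"
```

Rejecting a relative "-C" argument keeps the restore target independent of whatever working directory the wrapper happens to inherit.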