Date: Fri, 13 May 2011 23:37:15 -0700
From: perryh@pluto.rain.com
To: christopher-ml@telting.org
Cc: freebsd-questions@freebsd.org, kraduk@gmail.com
Subject: Re: Established method to enable suid scripts?

Chris Telting wrote:

> let me ask you.. is "sudo ping" acceptable? Please explain the
> logical reason why not.  It would be the preferred method if suid
> didn't exist and sudo was part of the base system.

Without suid there would be no sudo ;)

Part of the reason for ping being suid is historical -- it predates
the existence of sudo -- but it is nevertheless a very good example
of a program that really should be suid in its own right.

* It needs to run with root privileges (so it can bind a raw socket
  IIRC).

* It should be executable, with some restrictions on the intensity
  of the traffic it will generate, by any user.  (Granted many users
  have no clue what ping does or how to interpret the results, but
  it is often one of the first things a phone-support tech asks for
  if it looks as if the caller's problem might be network related.
  The user needs to be able to run the command so as to read back
  the results.)

* Those restrictions are removed when it is run by root (who is
  presumed to know the implications).

Yes, ping could be non-sudo and the restrictions could be imposed by
sudo, but this would come at a cost:

- Most if not all system users would need to be listed in the
  sudoers file, so that they could execute ping in connection with
  suspected network problems (see above).

- The command parameters would have to be parsed twice (once by
  sudo to decide whether to allow the operation, then again by ping
  to find out what it is supposed to do).
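
The design described in the message above, sketched in C as an added example that is not part of the original post and is not ping's source: a setuid-root program opens its raw socket, drops root permanently, and applies traffic limits based on the real uid of the caller. The names `ping_opts`, `opts_allowed`, `open_raw_then_drop` and the one-second limit are assumptions made for illustration.

```c
/* Added example, not ping's source: privileged open, permanent drop, real-uid policy. */
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#define MIN_USER_INTERVAL 1.0  /* assumed limit for non-root callers; illustrative */

struct ping_opts {
    int flood;        /* send as fast as possible */
    double interval;  /* seconds between packets */
};

/* Policy is keyed on the REAL uid (who invoked us), not the effective uid. */
int opts_allowed(uid_t ruid, const struct ping_opts *o)
{
    if (ruid == 0)
        return 1;                 /* root: restrictions removed */
    if (o->flood)
        return 0;                 /* unprivileged flood refused */
    return o->interval >= MIN_USER_INTERVAL;
}

/* Use root for the one thing that needs it, then give it up for good.
 * Returns the socket, or -1 with errno set if it could not be opened. */
int open_raw_then_drop(void)
{
    int s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);  /* needs privilege */
    int saved = errno;
    if (setuid(getuid()) != 0) {  /* as root this resets real, effective and saved uid */
        if (s >= 0)
            close(s);
        return -1;                /* never continue with root still held */
    }
    errno = saved;
    return s;
}

int main(void)
{
    struct ping_opts o = { 0, 0.2 };  /* constructed request: 5 packets per second */
    int s = open_raw_then_drop();

    printf("socket %s, euid %d, 0.2s interval %s\n", s >= 0 ? "open" : "unavailable",
           (int)geteuid(), opts_allowed(getuid(), &o) ? "allowed" : "refused");
    return 0;
}
```

Built without the setuid bit and run as an ordinary user, the socket call fails and the policy check refuses the 0.2 second interval; installed setuid root, the socket opens while the same check still applies to the invoking user.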