From: Giorgos Keramidas
To: Piet Delport
Cc: freebsd-chat@FreeBSD.ORG
Date: Wed, 5 Sep 2001 21:52:58 +0300
Subject: Re: Scripts and setuid

On Wed, Sep 05, 2001 at 08:40:55PM +0200, Piet Delport wrote:
>
> That still leaves me with the original question though, why can't
> scripts be run setuid?

Allowing scripts to be run with setuid is VERY insecure.  It is very
easy to set up the environment of the parent process and execute a
script with certain things in the environment that will cheat and have
the script execute code with elevated privileges.

-giorgos
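
An added example, not part of the original message: the environment-scrubbing step that a compiled setuid wrapper commonly performs before it runs a script, which is the defence against the inherited-environment problem described above. The allowlisted names and the fixed PATH and IFS values are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Set by the wrapper itself, never inherited from the caller. */
static const char *const FIXED[] = { "PATH=/bin:/usr/bin", "IFS= \t\n", NULL };
/* Names allowed through from the caller (assumed allowlist for this example). */
static const char *const KEEP[] = { "TERM", "LANG", "TZ", NULL };

/* Build a new NULL-terminated environment: FIXED entries first, then the
 * first occurrence of each KEEP name found in `in`. Everything else
 * (LD_PRELOAD, ENV, caller-supplied PATH and IFS, ...) is dropped.
 * Returns NULL if allocation fails. */
char **clean_env(char *const in[])
{
    size_t nfixed = 0, nkeep = 0, n = 0;
    while (FIXED[nfixed] != NULL) nfixed++;
    while (KEEP[nkeep] != NULL) nkeep++;

    char **out = calloc(nfixed + nkeep + 1, sizeof *out);
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < nfixed; i++)
        out[n++] = (char *)FIXED[i];
    for (size_t k = 0; k < nkeep; k++) {
        size_t len = strlen(KEEP[k]);
        for (size_t i = 0; in[i] != NULL; i++) {
            /* Exact name match: "TERM=" passes, "TERMCAP=" does not. */
            if (strncmp(in[i], KEEP[k], len) == 0 && in[i][len] == '=') {
                out[n++] = in[i];   /* first match wins, duplicates ignored */
                break;
            }
        }
    }
    out[n] = NULL;
    return out;
}

/* Print what a script started through such a wrapper would inherit; a real
 * wrapper would pass `env` as the third argument of execve(2). */
int main(void)
{
    char **env = clean_env(environ);
    if (env == NULL)
        return 1;
    for (size_t i = 0; env[i] != NULL; i++)
        printf("%s\n", env[i]);
    free(env);
    return 0;
}
```

The filter works by name only; it does not validate the values of the variables it lets through.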