From owner-freebsd-questions Thu Nov 6 12:48:06 1997
Return-Path:
Received: (from root@localhost)
  by hub.freebsd.org (8.8.7/8.8.7) id MAA12159
  for questions-outgoing; Thu, 6 Nov 1997 12:48:06 -0800 (PST)
  (envelope-from owner-freebsd-questions)
Received: from schenectady.netmonger.net (schenectady.netmonger.net [209.54.21.143])
  by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id MAA12151
  for ; Thu, 6 Nov 1997 12:48:02 -0800 (PST)
  (envelope-from postmaster@schenectady.netmonger.net)
Received: (from news@localhost)
  by schenectady.netmonger.net (8.8.5/8.8.5) id PAA23641
  for freebsd-questions@freebsd.org; Thu, 6 Nov 1997 15:37:41 -0500 (EST)
Received: from GATEWAY by schenectady.netmonger.net with netnews
  for freebsd-questions@freebsd.org (freebsd-questions@freebsd.org)
To: freebsd-questions@freebsd.org
Date: 6 Nov 1997 20:37:41 GMT
From: chris@netmonger.net (Christopher Masto)
Message-ID: <63t9ql$loi$2@schenectady.netmonger.net>
Organization: NetMonger Communications
Subject: Secure setuid scripts
Sender: owner-freebsd-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Ok, this may actually be a stupid question, but here it is.

I'm a very big fan of Perl and I tend to install it a lot. Every time,
I get to this Configure question:

  Some kernels have a bug that prevents setuid #! scripts from being
  secure. Some sites have disabled setuid #! scripts because of this.

  First let's decide if your kernel supports secure setuid #! scripts.
  (If setuid #! scripts would be secure but have been disabled anyway,
  don't say that they are secure if asked.)

  If you are not sure if they are secure, I can check but I'll need a
  username and password different from the one you are using right now.
  If you don't have such a username or don't want me to test, simply
  enter 'none'.

  Other username to test security of setuid scripts with? [none] demo
  "su" will (probably) prompt you for demo's password.
  Password:
  I don't think setuid scripts are secure.

  Does your kernel have *secure* setuid scripts? [n]

I'm never quite sure what to answer here. I tend to say "n" and enable
setuid emulation, but I'd rather be a bit more clued-in. I seem to
recall that I actually understood more of this at one point and it had
something to do with a race condition and passing a file number and
something about the fix involving /dev/fd/*.

Is this fixed in FreeBSD? (-STABLE, -CURRENT, or -ANYWHERE?) If not,
is there a reason?

Thanks.
--
= Christopher Masto        = chris@netmonger.net = http://www.netmonger.net/  =
= NetMonger Communications = finger for PGP key  = $19.95/mo unlimited access =
= Director of Operations   = (516) 221-6664      = mailto:info@netmonger.net  =