From owner-freebsd-questions@FreeBSD.ORG Sat Aug 29 12:44:42 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EB9531065673 for ; Sat, 29 Aug 2009 12:44:42 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-ew0-f208.google.com (mail-ew0-f208.google.com [209.85.219.208]) by mx1.freebsd.org (Postfix) with ESMTP id 792318FC37 for ; Sat, 29 Aug 2009 12:44:42 +0000 (UTC) Received: by ewy4 with SMTP id 4so304756ewy.36 for ; Sat, 29 Aug 2009 05:44:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:subject :message-id:in-reply-to:references:x-mailer:mime-version :content-type:content-transfer-encoding; bh=8VghKSlkUQ2HGfPPzWVBm0dzQr7rwaTvMIXLvcZ4Sac=; b=yF3uqrtrTfMPCckuvCc4qWvV5dknwGnyl4o96Cf2OaZoFz2/lbB/p8NtGbYN4SHCAn EFyMZHsB0vSHcwU65E2lYIMynvr1abN0eyvwNpXiJHMlB+IPOUCQoM1FCK/7mJVOUdy1 nj/ypo2AMK0b0m52wyOdCyFyuKm+PbhMGhTho= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; b=F1Suwhq0krGMSJlwXUmXwCqHtNILUKFUvw72kyCzeh97bkDkxeFOJBOv+kgS5kAlWe b96CfljhFcUUplNUoa2SibSBJulXE+A2YlIfMiI8UZ+DSgMOPWoA0f4TxxrCbBRcMi02 VdBGU3I4cmwALX6trdP/qGVaD4GWxGxi4sFJc= Received: by 10.210.7.17 with SMTP id 17mr2641901ebg.50.1251549880649; Sat, 29 Aug 2009 05:44:40 -0700 (PDT) Received: from gumby.homeunix.com (bb-87-81-140-128.ukonline.co.uk [87.81.140.128]) by mx.google.com with ESMTPS id 5sm199133eyf.15.2009.08.29.05.44.39 (version=SSLv3 cipher=RC4-MD5); Sat, 29 Aug 2009 05:44:40 -0700 (PDT) Date: Sat, 29 Aug 2009 13:44:36 +0100 From: RW To: freebsd-questions@freebsd.org Message-ID: <20090829134436.4461d8c9@gumby.homeunix.com> In-Reply-To: <4a98d375.W9fcoTOIN1DqRk/3%perryh@pluto.rain.com> References: <87y6p4pbd0.fsf@kobe.laptop> <20090829022431.5841d4de@gumby.homeunix.com> <4A98A8A1.7070305@prgmr.com> <4a98d375.W9fcoTOIN1DqRk/3%perryh@pluto.rain.com> X-Mailer: Claws Mail 3.7.2 (GTK+ 2.16.5; i386-portbld-freebsd7.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: SUID permission on Bash script X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 29 Aug 2009 12:44:43 -0000 On Sat, 29 Aug 2009 00:06:29 -0700 perryh@pluto.rain.com wrote: > Michael David Crawford wrote: > > It's not that setuid shell scripts are really more > > inherently insecure than programs written in C. > > Actually, absent some careful cooperation between the kernel > and the interpreter to prevent a race condition that can cause > the interpreter to run (with elevated permissions) a completely > different script than the one that was marked setuid, setuid > scripts _are_ insecure in a way that _cannot_ be fixed by any > degree of care that might be taken in the writing of the script. > > Check the hackers@ archives. It was discussed a little over a > month ago. But is isn't that the same issue that Matthew Seaman was saying was fixed years ago (in the link I gave before), and is described in the follow-up: http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185145.html That's entirely in the kernel, it doesn't require interpreter support.