Date: Sat, 29 Aug 2009 13:33:19 -0700 From: Michael David Crawford <mdc@prgmr.com> Cc: freebsd-questions@freebsd.org Subject: Re: SUID permission on Bash script Message-ID: <4A99908F.7090804@prgmr.com> In-Reply-To: <4A9971C5.1080308@infracaninophile.co.uk> References: <beaf3aa50908280124pbd2c760v8d51eb4ae965dedc@mail.gmail.com> <87y6p4pbd0.fsf@kobe.laptop> <20090829022431.5841d4de@gumby.homeunix.com> <4A98A8A1.7070305@prgmr.com> <4a98d375.W9fcoTOIN1DqRk/3%perryh@pluto.rain.com> <20090829134436.4461d8c9@gumby.homeunix.com> <4A9971C5.1080308@infracaninophile.co.uk>
Perhaps a better idea than a setuid shell script, would be to figure out 
just what it is about your script that really needs to be executed as root.
Then write a C program that can do just that one thing - and absolutely 
nothing else.
If it takes any kind of input, or command line parameters, then it must 
validate them very carefully, to ensure that it's not being misused.
Then your script could call that C program whenever it needs that 
privileged operation performed.
Suppose you were to give the keys to your Lamborghini to a parking 
attendant.
Wouldn't you want to trust that he wasn't going to sell your Lamborghini 
to a chop shop?
Writing a setuid program is just like that: writing one poorly is like 
handing your race car keys to a car thief.
He might not steal your car today, but if you're not careful about how 
you hand out your trust, he will someday.
Mike
-- 
Michael David Crawford
mdc@prgmr.com
    prgmr.com - We Don't Assume You Are Stupid.
       Xen-Powered Virtual Private Servers: http://prgmr.com/xen
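The design Crawford describes, a tiny setuid C helper that does exactly one privileged thing and refuses everything else, written out as an added example. This is not code from the thread or from prgmr.com; it assumes (hypothetically) that the only privileged operation the script needs is restarting one of two named services through the fixed path `/usr/sbin/service`, and that the binary is installed setuid root with mode 4750 so only the script's group can run it. Every argument is checked against a short allowlist, the caller's environment is discarded, and the child is launched by absolute path with no shell involved.

```c
/* Minimal setuid helper: one operation, strict argument checks, no shell.
 * Added example, not from the original mail. Hypothetical assumptions:
 * the privileged operation is "restart" of a fixed set of services via
 * /usr/sbin/service, and the binary is installed root:wheel mode 4750. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* The only services this helper will ever touch. Anything else is refused. */
static const char *const ALLOWED_SERVICES[] = { "nginx", "sshd", NULL };
/* Fixed absolute path: never looked up through the caller's PATH. */
static const char *const SERVICE_CMD = "/usr/sbin/service";
#define MAX_ARG_LEN 32

/* Returns 1 if `name` is a short, lowercase alphanumeric token that appears
 * in the allowlist, 0 for anything else (NULL, empty, too long, odd chars). */
int is_allowed_service(const char *name) {
    if (name == NULL) return 0;
    size_t len = strnlen(name, MAX_ARG_LEN + 1);
    if (len == 0 || len > MAX_ARG_LEN) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!islower(c) && !isdigit(c)) return 0;
    }
    for (size_t i = 0; ALLOWED_SERVICES[i] != NULL; i++)
        if (strcmp(ALLOWED_SERVICES[i], name) == 0) return 1;
    return 0;
}

/* Only "restart" is permitted; "stop", "start" and the rest are refused. */
int is_allowed_action(const char *action) {
    return action != NULL && strcmp(action, "restart") == 0;
}

/* Builds the exact argv the helper will exec. Returns 0 on success and
 * -1 when either argument fails validation. `out` must hold 4 pointers. */
int build_command(const char *service, const char *action, const char *out[4]) {
    if (!is_allowed_service(service) || !is_allowed_action(action)) return -1;
    out[0] = SERVICE_CMD;
    out[1] = service;
    out[2] = action;
    out[3] = NULL;
    return 0;
}

int main(int argc, char **argv) {
    const char *cmd[4];
    if (argc != 3 || build_command(argv[1], argv[2], cmd) != 0) {
        fprintf(stderr, "usage: svc-restart-helper <nginx|sshd> restart\n");
        return 2;
    }
    /* Drop the caller's environment entirely so PATH, LD_* and similar
     * variables from the unprivileged script cannot reach the child. */
    static char *const clean_env[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };
    /* Make the real uid match the effective uid so the child cannot
     * switch back to the caller's identity. */
    if (setuid(geteuid()) != 0) { perror("setuid"); return 1; }
    execve(SERVICE_CMD, (char *const *)cmd, clean_env);
    perror("execve");
    return 1;
}
```

The script then calls `svc-restart-helper nginx restart` for the one step that needs root; everything else in the script keeps running as the ordinary user. Because the helper validates by allowlist rather than by rejecting known-bad characters, a new service has to be added to `ALLOWED_SERVICES` deliberately, which is exactly the kind of narrow, reviewable trust Crawford is arguing for.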
