Date: Sat, 29 Aug 2009 21:55:03 -0700
From: perryh@pluto.rain.com
To: rwmaillists@googlemail.com
Cc: freebsd-questions@freebsd.org
Subject: Re: SUID permission on Bash script
Message-ID: <4a9a0627.zA4OPJf/w06lQj0a%perryh@pluto.rain.com>
In-Reply-To: <20090829134436.4461d8c9@gumby.homeunix.com>
References: <beaf3aa50908280124pbd2c760v8d51eb4ae965dedc@mail.gmail.com> <87y6p4pbd0.fsf@kobe.laptop> <20090829022431.5841d4de@gumby.homeunix.com> <4A98A8A1.7070305@prgmr.com> <4a98d375.W9fcoTOIN1DqRk/3%perryh@pluto.rain.com> <20090829134436.4461d8c9@gumby.homeunix.com>

RW <rwmaillists@googlemail.com> wrote:

> On Sat, 29 Aug 2009 00:06:29 -0700
> perryh@pluto.rain.com wrote:
> > Actually, absent some careful cooperation between the
> > kernel and the interpreter to prevent a race condition ...
>
> isn't that the same issue that Matthew Seaman was saying
> was fixed years ago ... and is described in the follow-up:
> http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185145.html
>
> That's entirely in the kernel, it doesn't require interpreter
> support.

Er, I'm pretty sure it _does_ require support in the interpreter.
It would do no good for the kernel to hand the interpreter an open
descriptor if the interpreter did not somehow know to read the
script from that open descriptor instead of opening the script
file by name. This approach is exactly the "careful cooperation
between the kernel and the interpreter" that I was referring to.
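The descriptor hand-off discussed in this message, modelled in user space as an added example (not code from the thread or from FreeBSD). The function name `loads_checked_file`, the temporary paths and the file contents are constructed for illustration; the "kernel" and "interpreter" are just two steps in one process.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a constructed sample file holding `body`. */
static void put(const char *path, const char *body) {
    FILE *f = fopen(path, "w");
    if (f) { fputs(body, f); fclose(f); }
}

/* Hypothetical model, not kernel code. The "kernel" opens the script once
 * and bases its decision on fstat() of that descriptor; the name is then
 * re-pointed at a second file; the "interpreter" loads the script by name
 * or from the descriptor it was handed. Returns 1 if it loaded the file
 * the kernel checked, 0 if it loaded another one, -1 on setup error. */
int loads_checked_file(int use_descriptor) {
    char dir[] = "/tmp/fdpassXXXXXX", script[64], other[64], buf[32] = "";
    struct stat checked, loaded;
    if (!mkdtemp(dir)) return -1;
    snprintf(script, sizeof script, "%s/script", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    put(script, "checked\n");
    put(other, "swapped\n");

    int kfd = open(script, O_RDONLY);          /* kernel: single open */
    if (kfd < 0 || fstat(kfd, &checked) != 0) return -1;
    rename(other, script);                     /* name now means another inode */

    int ifd = use_descriptor ? kfd : open(script, O_RDONLY);
    int ok = ifd >= 0 && fstat(ifd, &loaded) == 0 &&
             loaded.st_dev == checked.st_dev && loaded.st_ino == checked.st_ino &&
             read(ifd, buf, sizeof buf - 1) > 0 &&
             strcmp(buf, "checked\n") == 0;
    if (ifd >= 0 && ifd != kfd) close(ifd);
    close(kfd);
    unlink(script);
    rmdir(dir);
    return ok;
}

int main(void) {
    printf("interpreter opens by name:   %d\n", loads_checked_file(0));
    printf("interpreter uses descriptor: %d\n", loads_checked_file(1));
    return 0;
}
```

Only the descriptor path ties what is executed to the inode whose ownership and mode bits were examined, which is why the interpreter has to take part in the scheme.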