From owner-freebsd-questions@FreeBSD.ORG Sun Aug 30 05:00:51 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 34D461065674 for ; Sun, 30 Aug 2009 05:00:51 +0000 (UTC) (envelope-from perryh@pluto.rain.com) Received: from agora.rdrop.com (unknown [IPv6:2607:f678:1010::34]) by mx1.freebsd.org (Postfix) with ESMTP id 0C2638FC08 for ; Sun, 30 Aug 2009 05:00:51 +0000 (UTC) Received: from agora.rdrop.com (66@localhost [127.0.0.1]) by agora.rdrop.com (8.13.1/8.12.7) with ESMTP id n7U50osc017833 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sat, 29 Aug 2009 22:00:50 -0700 (PDT) (envelope-from perryh@pluto.rain.com) Received: (from uucp@localhost) by agora.rdrop.com (8.13.1/8.12.9/Submit) with UUCP id n7U50o2R017832; Sat, 29 Aug 2009 22:00:50 -0700 (PDT) Received: from fbsd61 by pluto.rain.com (4.1/SMI-4.1-pluto-M2060407) id AA01382; Sat, 29 Aug 09 21:51:37 PDT Date: Sat, 29 Aug 2009 21:55:03 -0700 From: perryh@pluto.rain.com To: rwmaillists@googlemail.com Message-Id: <4a9a0627.zA4OPJf/w06lQj0a%perryh@pluto.rain.com> References: <87y6p4pbd0.fsf@kobe.laptop> <20090829022431.5841d4de@gumby.homeunix.com> <4A98A8A1.7070305@prgmr.com> <4a98d375.W9fcoTOIN1DqRk/3%perryh@pluto.rain.com> <20090829134436.4461d8c9@gumby.homeunix.com> In-Reply-To: <20090829134436.4461d8c9@gumby.homeunix.com> User-Agent: nail 11.25 7/29/05 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: SUID permission on Bash script X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 30 Aug 2009 05:00:51 -0000 RW wrote: > On Sat, 29 Aug 2009 00:06:29 -0700 > perryh@pluto.rain.com wrote: > > Actually, absent some careful cooperation between the > > kernel and the interpreter to prevent a race condition ... > > isn't that the same issue that Matthew Seaman was saying > was fixed years ago ... and is described in the follow-up: > http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185145.html > > That's entirely in the kernel, it doesn't require interpreter > support. Er, I'm pretty sure it _does_ require support in the interpreter. It would do no good for the kernel to hand the interpreter an open descriptor if the interpreter did not somehow know to read the script from that open descriptor instead of opening the script file by name. This approach is exactly the "careful cooperation between the kernel and the interpreter" that I was referring to.