From owner-freebsd-hackers@FreeBSD.ORG Wed Jul 22 23:02:05 2009 Return-Path: Delivered-To: freebsd-hackers@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2BEA0106566B for ; Wed, 22 Jul 2009 23:02:05 +0000 (UTC) (envelope-from darksoul@darkbsd.org) Received: from shinigami.darkbsd.org (shinigami.darkbsd.org [82.227.96.182]) by mx1.freebsd.org (Postfix) with ESMTP id D3B168FC0A for ; Wed, 22 Jul 2009 23:02:04 +0000 (UTC) (envelope-from darksoul@darkbsd.org) Received: from localhost (localhost [127.0.0.1]) by shinigami.darkbsd.org (Postfix) with ESMTP id 77F485C4A for ; Thu, 23 Jul 2009 00:42:12 +0200 (CEST) Received: from shinigami.darkbsd.org ([127.0.0.1]) by localhost (quasar.darkbsd.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sm-ARtAp+tNq for ; Thu, 23 Jul 2009 00:42:04 +0200 (CEST) Received: from [192.168.0.84] (ilyasviel.darkbsd.org [192.168.0.84]) (Authenticated sender: darksoul) by shinigami.darkbsd.org (Postfix) with ESMTPSA id 9535E5C44 for ; Thu, 23 Jul 2009 00:42:04 +0200 (CEST) Message-ID: <4A6795E7.7020700@darkbsd.org> Date: Thu, 23 Jul 2009 00:42:47 +0200 From: DarkSoul User-Agent: Thunderbird 2.0.0.22 (Windows/20090605) MIME-Version: 1.0 To: freebsd-hackers@FreeBSD.org References: <19939654343.20090722214221@mail.ru> In-Reply-To: <19939654343.20090722214221@mail.ru> X-Enigmail-Version: 0.96.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigD4A4E0D5EA05166AC3E85EFF" X-Mailman-Approved-At: Wed, 22 Jul 2009 23:05:21 +0000 Cc: Subject: Re: SGID/SUID on scripts X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Jul 2009 23:02:05 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigD4A4E0D5EA05166AC3E85EFF Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Anthony Pankov wrote: > SGID/SUID bits don't work with shell scripts, do they? >=20 > And no mention in chmod(1,2) manual. They don't. One reason for this, is that if they were applied, the following would occur : - execve() syscall reads your script's shebang line, and the script interpreter is executed, receiving the specified arguments along with the script name. - The interpreter then open()s the script file to read it, and run the co= de. The problem you then are faced with, is that you have a time frame defined by the moment between the aforementioned execve() and open(), during which it could be possible to unlink/move/whatever the shell script the interpreter is going to open. You guess where this is going, you have no absolute way of guaranteeing you are executing the file you initially planned on opening because execution/opening/reading is not, and can't be done atomically for shell scripts. Cheers, --=20 Stephane LAPIE, EPITA SRS, Promo 2005 "Even when they have digital readouts, I can't understand them." --MegaTokyo --------------enigD4A4E0D5EA05166AC3E85EFF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkpnleoACgkQ24Ql8u6TF2O1tgCfdle8/7o/bupd3ZUOJQ1s+G5l exAAmQHna0uKG23cndYoA8pWfICLDgRa =wxNm -----END PGP SIGNATURE----- --------------enigD4A4E0D5EA05166AC3E85EFF--