Date: Sun, 15 May 2011 03:18:26 -0700
From: Chris Telting <christopher-ml@telting.org>
To: Alejandro Imass <ait@p2ee.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: Established method to enable suid scripts?
Message-ID: <4DCFA872.9050208@telting.org>
In-Reply-To: <BANLkTikqTNgaqFoRc7keOU_kp6ofTOMk2g@mail.gmail.com>
References: <4DC9DE2C.6070605@telting.org> <201105121657.57647.j.mckeown@ru.ac.za> <4DCBFC39.8060900@telting.org> <201105130932.32144.j.mckeown@ru.ac.za> <BANLkTin4rkQouSiOy4M1uu%2BqXSWJzF_STA@mail.gmail.com> <4DCD02EF.7050808@telting.org> <BANLkTikqTNgaqFoRc7keOU_kp6ofTOMk2g@mail.gmail.com>

On 05/13/2011 14:34, Alejandro Imass wrote:
> On Fri, May 13, 2011 at 6:07 AM, Chris Telting
> <christopher-ml@telting.org> wrote:
>> On 05/13/2011 01:32, krad wrote:
> [...]
>> me ask you.. is "sudo ping" acceptable? Please explain the logical reason
>> why not. It would be the preferred method if suid didn't exist and sudo was
>> part of the base system.
> The sudo versus suid theme is discussed ad-nauseam in many lists and
> forums, as well as the C wrappers for doing stuff suid.
> IMHO, however, sudo can give you more granular control though
> paradoxically relies on suid itself.
> The question here is why make the whole freaking interpreter suid when
> you can granularly control the specific script.
> Anyway, I would personally use a wrapper or sudo.

I honestly tried when I posted the question to avoid the question of right or wrong. I simply have one opinion for my own need and preference and don't want to go into rigid detail and did not mean to reopen the issue. I simply wanted to know if anyone had a patch already or a flag enabled it. It's similar to the phrase that if you have to ask you can't afford it, except in this case it means you can. I have a feeling someone somewhere did it.

If no one comes forward I will post a proper patch for review and maintain documentation of the pitfalls to the extent I can and that others forward to me. I have no desire to change FreeBSD's standard practice. I leave that to the steering committee of each and every distribution of Unix-like systems. I am simply grateful to be able to make my development systems work the way I want them to because I want them to.

It's a question of complete philosophy to me as to the base Unix permissions system. I simply know what appeals most to me the way that I use systems. We all love FreeBSD because it means choice.

I apologize to anyone that thinks I reopened a can of worms and wasted time; it was not my goal.