From owner-freebsd-questions@FreeBSD.ORG Sat Sep 18 19:38:38 2004
From: Richard Bradley
To: Matthew Seaman, mailing lists at MacTutor
Cc: freebsd-questions@freebsd.org
Date: Sat, 18 Sep 2004 20:37:50 +0000
Subject: Re: how to make an executable run as another user
Message-Id: <200409182037.50882.rtb27@cam.ac.uk>
In-Reply-To: <20040918113149.GC38377@happy-idiot-talk.infracaninophile.co.uk>
References: <200409171950.19717.rtb27@cam.ac.uk> <20040918113149.GC38377@happy-idiot-talk.infracaninophile.co.uk>
List-Id: User questions

I understand now. Thanks very much for all your help.
Rich

On Saturday 18 September 2004 11:31 am, Matthew Seaman wrote:
> On Fri, Sep 17, 2004 at 04:53:31PM -0400, mailing lists at MacTutor wrote:
> > QUOTE: "In most UNIX kernels there exists what is called a 'race
> > condition' when executing scripts. Scripts are pieces of code which are
> > interpreted by, strangely enough, interpreters. Common examples of
> > interpreters are perl, sed, and awk. So when you have in your perl code
> > #!/usr/local/bin/perl it tells the operating system to start executing
> > the perl interpreter with the current script as input. Between the time
> > that the perl interpreter starts executing and the time that it reads
> > in your script the 'race condition' exists. At this time, a mischievous
> > person could 'win the race' and be able to replace your script with
> > another. And if your script is running as setuid, that person's script
> > would run as your user! So their script could do anything that you
> > could do from the command line. As a result, most UNIX kernels will
> > disable users from running scripts as setuid. The most common way
> > around this is to create a wrapper program around your script. A
> > wrapper, in this context, is a small program, possibly written in C,
> > that when executed will simply run your script. The 'race condition'
> > does not exist for real executables and so you won't be thwarted by the
> > kernel itself."
>
> Actually, this should no longer be a problem in any up to date version
> of Unix. The race condition between the kernel reading the script to
> find what interpreter to invoke, and the interpreter then to read and
> interpret the script was solved by having the kernel pass an open
> filedescriptor on the script file to the interpreter. One way of
> testing if your OS supports this is the presence of 'file descriptor'
> devices under /dev -- eg. under FreeBSD you get:
>
> happy-idiot-talk:/usr/local/etc:% ls -la /dev/fd/*
> crw-rw-rw- 1 root wheel 22, 0 Jul 5 17:08 /dev/fd/0
> crw-rw-rw- 1 root wheel 22, 1 Jul 5 17:08 /dev/fd/1
> crw-rw-rw- 1 root wheel 22, 2 Jul 5 17:08 /dev/fd/2
> crw-rw-rw- 1 root wheel 22, 3 Jul 5 17:08 /dev/fd/3
> crw-rw-rw- 1 root wheel 22, 4 Jul 5 17:08 /dev/fd/4
> crw-rw-rw- 1 root wheel 22, 5 Jul 5 17:08 /dev/fd/5
> crw-rw-rw- 1 root wheel 22, 6 Jul 5 17:08 /dev/fd/6
> crw-rw-rw- 1 root wheel 22, 7 Jul 5 17:08 /dev/fd/7
> crw-rw-rw- 1 root wheel 22, 8 Jul 5 17:08 /dev/fd/8
> crw-rw-rw- 1 root wheel 22, 9 Jul 5 17:08 /dev/fd/9
> [...]
>
> However, the horror has been so beaten into the collective unconscious
> inherited from earlier days of Unix that shell scripts are still
> automatically stripped of any setuid or setgid bits by default on most
> Unix variants. I did see a setuid 'lp' script as a standard part of
> the lp system on a Solaris 8 box once -- took me a long time to
> convince myself it was actually safe.
>
> Cheers,
>
> Matthew