Date: Fri, 24 Jul 2009 09:02:09 +0200
From: Jonathan McKeown <j.mckeown@ru.ac.za>
To: freebsd-hackers@freebsd.org
Subject: Re: SGID/SUID on scripts
Message-ID: <200907240902.09609.j.mckeown@ru.ac.za>
In-Reply-To: <44my6v8d97.fsf@be-well.ilk.org>
References: <19939654343.20090722214221@mail.ru> <4a67ee8a.wIGNpBr1/a3vNK2S%perryh@pluto.rain.com> <44my6v8d97.fsf@be-well.ilk.org>
On Thursday 23 July 2009 20:28:52 Lowell Gilbert wrote:
> perryh@pluto.rain.com writes:

[snip description of shell opening a script, finding a #! line and
passing a file descriptor for the opened script to the intended
interpreter in /dev/fd/, to avoid a race condition where the shell opens
the script, reads the #! line, closes it and hands off the filename to
the intended interpreter to reopen what may now be a different file]

> > I vaguely recall having seen a similar (or even identical) approach
> > suggested some years ago. It may even have been implemented in some
> > variant of Un*x.
>
> That's clever, but how would it work in practice, while common shells
> and scripting languages may not implement their side of it?

http://www.in-ulm.de/~mascheck/various/shebang/ claims that it's been
implemented, in exactly the way described, in Solaris, OpenBSD and NetBSD
(albeit as a kernel compile-time option in the latter two). (It's
apparently also in IRIX and UnixWare).

Given OpenBSD's admirable paranoia about security (hey, I'm a sysadmin: I
never ask myself if I'm being paranoid, but if I'm being paranoid
enough!) I'd have thought they would have explored the implications
fully.

Certainly other stuff knows about it. As I said yesterday, Perl describes
the problem in its perlsec manpage/perldoc. The perl interpreter even has
a build-time option, SETUID_SCRIPTS_ARE_SECURE_NOW - and the correct
setting is supposedly detected as part of configure.

There may well be some problems to overcome, but this doesn't appear to
be unexplored territory.

Jonathan
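The descriptor-passing idea discussed in this message, as an added example that is not part of the original e-mail or of any kernel's or shell's code: the script is opened once, checked with fstat() on that descriptor, and the already-open file stays the one that is read even if the pathname is replaced afterwards. The function names and the /tmp files are constructed for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open the script once. Ownership and mode are read with fstat() from the
 * same descriptor, and the interpreter would be given "/dev/fd/N" (written
 * to name) instead of the pathname. Returns the descriptor, or -1. */
int open_script(const char *path, struct stat *st, char *name, size_t len)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    if (fstat(fd, st) != 0 || !S_ISREG(st->st_mode) ||
        snprintf(name, len, "/dev/fd/%d", fd) >= (int)len) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: after the script is opened, another file is renamed
 * over its pathname. Returns 1 when the descriptor still reaches the file
 * that was checked while the pathname now resolves to the replacement. */
int fd_survives_swap(void)
{
    char a[] = "/tmp/shebang-a-XXXXXX", b[] = "/tmp/shebang-b-XXXXXX";
    char name[32], buf[32] = {0};
    struct stat checked, viafd, viapath;
    int ok = 0, fa = mkstemp(a), fb = mkstemp(b);
    if (fa < 0 || fb < 0 || write(fa, "#!/bin/sh\n# A\n", 14) != 14 ||
        write(fb, "#!/bin/sh\n# B\n", 14) != 14)
        return -1;
    close(fa); close(fb);
    int fd = open_script(a, &checked, name, sizeof name);
    if (fd >= 0 && rename(b, a) == 0 && fstat(fd, &viafd) == 0 &&
        stat(a, &viapath) == 0 && read(fd, buf, sizeof buf - 1) > 0)
        ok = viafd.st_ino == checked.st_ino &&   /* fd: file that was checked */
             viapath.st_ino != checked.st_ino && /* path: the replacement */
             buf[12] == 'A';                     /* content read is script A */
    if (fd >= 0) close(fd);
    unlink(a); unlink(b);
    return ok;
}

int main(void) { return fd_survives_swap() == 1 ? 0 : 1; }
```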