From: Jonathan McKeown <j.mckeown@ru.ac.za>
Organization: Rhodes University
To: freebsd-hackers@freebsd.org
Date: Fri, 24 Jul 2009 09:02:09 +0200
Subject: Re: SGID/SUID on scripts
In-Reply-To: <44my6v8d97.fsf@be-well.ilk.org>
References: <19939654343.20090722214221@mail.ru> <4a67ee8a.wIGNpBr1/a3vNK2S%perryh@pluto.rain.com> <44my6v8d97.fsf@be-well.ilk.org>

On Thursday 23 July 2009 20:28:52 Lowell Gilbert wrote:
> perryh@pluto.rain.com writes:

[snip description of shell opening a script, finding a #! line and passing a file descriptor for the opened script to the intended interpreter in /dev/fd/, to avoid a race condition where the shell opens the script, reads the #! line, closes it and hands off the filename to the intended interpreter to reopen what may now be a different file]

> > I vaguely recall having seen a similar (or even identical) approach
> > suggested some years ago. It may even have been implemented in some
> > variant of Un*x.
>
> That's clever, but how would it work in practice, while common shells
> and scripting languages may not implement their side of it?

http://www.in-ulm.de/~mascheck/various/shebang/ claims that it's been implemented, in exactly the way described, in Solaris, OpenBSD and NetBSD (albeit as a kernel compile-time option in the latter two). (It's apparently also in IRIX and UnixWare).

Given OpenBSD's admirable paranoia about security (hey, I'm a sysadmin: I never ask myself if I'm being paranoid, but if I'm being paranoid enough!) I'd have thought they would have explored the implications fully.

Certainly other stuff knows about it. As I said yesterday, Perl describes the problem in its perlsec manpage/perldoc. The perl interpreter even has a build-time option, SETUID_SCRIPTS_ARE_SECURE_NOW - and the correct setting is supposedly detected as part of configure.

There may well be some problems to overcome, but this doesn't appear to be unexplored territory.

Jonathan
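The /dev/fd/ hand-off the thread describes, as an added user-space illustration (this is not code from the message, from Perl, or from any of the kernels named above; every function name in it is this example's own). The script is opened once, its #! line is read from that open descriptor, the descriptor is rewound, and the interpreter is exec'd with /dev/fd/N as the script argument instead of the pathname, so what the interpreter reads is the file that was inspected rather than whatever the name points at by then. The interpreter must accept a /dev/fd path as its script, which is the "their side of it" Lowell asks about. On FreeBSD, /dev/fd/N for N above 2 only exists when fdescfs(5) is mounted on /dev/fd.

```c
/* Added example, not from the mailing-list thread: demonstrate the
 * /dev/fd/N hand-off in user space.  The script is opened once, the #!
 * line is parsed from that descriptor, and the interpreter is exec'd on
 * /dev/fd/N so it cannot be handed a different file than the one read.
 * All function names below are assumptions made for this example. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Parse "#!interp [arg]" from a line.  Returns 1 and fills interp/arg
 * (arg may be empty) on success, 0 if the line is not a shebang line. */
int parse_shebang(const char *line, char *interp, size_t ilen,
                  char *arg, size_t alen)
{
    if (strncmp(line, "#!", 2) != 0)
        return 0;
    const char *p = line + 2;
    while (*p == ' ' || *p == '\t')
        p++;
    size_t n = strcspn(p, " \t\r\n");
    if (n == 0 || n >= ilen)
        return 0;
    memcpy(interp, p, n);
    interp[n] = '\0';
    p += n;
    while (*p == ' ' || *p == '\t')
        p++;
    size_t m = strcspn(p, "\r\n");
    while (m > 0 && (p[m - 1] == ' ' || p[m - 1] == '\t'))
        m--;                      /* drop trailing blanks */
    if (m >= alen)
        return 0;
    memcpy(arg, p, m);
    arg[m] = '\0';
    return 1;
}

/* Verify the parser on a constructed line: 1 if it yields exactly
 * want_interp and want_arg, else 0. */
int check_shebang(const char *line, const char *want_interp,
                  const char *want_arg)
{
    char interp[128], arg[128];
    if (!parse_shebang(line, interp, sizeof interp, arg, sizeof arg))
        return 0;
    return strcmp(interp, want_interp) == 0 && strcmp(arg, want_arg) == 0;
}

/* Open the script, parse its first line from the same descriptor, rewind,
 * and exec the interpreter on /dev/fd/N.  Returns -1 only on failure. */
int run_script_via_devfd(const char *path)
{
    /* No O_CLOEXEC: the descriptor must survive the exec so that the
     * interpreter can open /dev/fd/N. */
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    char line[256];
    ssize_t got = read(fd, line, sizeof line - 1);
    if (got <= 0) {
        close(fd);
        return -1;
    }
    line[got] = '\0';
    char interp[128], arg[128], devfd[32];
    /* Rewind: on FreeBSD fdescfs opening /dev/fd/N behaves like dup(),
     * so the file offset is shared with this descriptor. */
    if (!parse_shebang(line, interp, sizeof interp, arg, sizeof arg) ||
        lseek(fd, 0, SEEK_SET) < 0) {
        close(fd);
        return -1;
    }
    snprintf(devfd, sizeof devfd, "/dev/fd/%d", fd);
    char *argv[4];
    int i = 0;
    argv[i++] = interp;
    if (arg[0] != '\0')
        argv[i++] = arg;
    argv[i++] = devfd;          /* the open file, not the pathname */
    argv[i] = NULL;
    execv(interp, argv);        /* only returns on failure */
    close(fd);
    return -1;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s script\n", argv[0]);
        return 2;
    }
    run_script_via_devfd(argv[1]);
    perror("exec via /dev/fd failed");
    return 1;
}
```

Compile and run it as `./devfd-run ./some-script` with a #!-line script whose interpreter (sh, perl, python) is happy to be given /dev/fd/N as its script path. The closing of the window only holds for whoever does the open-then-exec; a wrapper like this that is itself started by name merely moves the question one level up, which is why the thread is about doing it in the kernel's exec path.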