Date: Mon, 24 Feb 1997 22:55:08 +0100 From: j@uriah.heep.sax.de (J Wunsch) To: hackers@freebsd.org Subject: Re: disallow setuid root shells? Message-ID: <Mutt.19970224225508.j@uriah.heep.sax.de> In-Reply-To: <Pine.BSF.3.95q.960108043026.5974A-100000@obiwan.aceonline.com.au>; from Adrian Chadd on Jan 8, 1996 04:35:15 %2B0800 References: <199702240549.VAA01306@lightside.com> <Pine.BSF.3.95q.960108043026.5974A-100000@obiwan.aceonline.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
As Adrian Chadd wrote: > From what I remember, perl has a > c-wrapper that it runs before running a setuid shell script that fixes up > the environment and other nice things, then runs the script. No, that's not just a C-wrapper. See my other posting. > By default, > if you use the setuid copy of perl as a script interpreter > (#!/usr/bin/sperl) and it detects that the script IS setuid root, it will > run it. That's an option, but not FreeBSD's default. On FreeBSD, you need to explicitly mention suidperl in the #! line. > If not, it won't run the script as root. I simply disable it on my > systems. ...and use hand-written setuid C programs instead? :-) I bet there are more security problems in them than in all setuid Perl scripts on the world. :-) -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Mutt.19970224225508.j>