From owner-freebsd-questions  Sat Jan 12  6:42:35 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from guru.mired.org (okc-65-31-201-166.mmcable.com [65.31.201.166])
	by hub.freebsd.org (Postfix) with SMTP id 169D637B41C
	for <questions@freebsd.org>; Sat, 12 Jan 2002 06:42:32 -0800 (PST)
Received: (qmail 63802 invoked by uid 100); 12 Jan 2002 14:42:30 -0000
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15424.19286.197466.850413@guru.mired.org>
Date: Sat, 12 Jan 2002 08:42:30 -0600
To: Milo Hyson <milo@cyberlifelabs.com>
Cc: questions@freebsd.org
Subject: Re: Setuid.
In-Reply-To: <121654390@toto.iv>
X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid
X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG%
 *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\
From: "Mike Meyer" <mwm-dated-1011278550.a3133f@mired.org>
X-Delivery-Agent: TMDA/0.43 (Python 2.2; freebsd-4.4-STABLE-i386)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Milo Hyson <milo@cyberlifelabs.com> types:
> On Thursday 03 January 2002 09:23 am, Dave Raven wrote:
> > Why am I getting?:
> > su-2.05$ /usr/optec/bwutil.pl
> > Can't do setuid
> 
> By default, FreeBSD doesn't allow scripts (Perl included) to run as SUID. 
> It's a potential security problem. There is a way to disable this, but I'm 
> not sure what the procedure is. I think it's an option in the kernel.
> 
> Actually, I would like to know a decent solution to this issue. I often need 
> SUID Perl scripts myself, and I don't want to have to disable security 
> features or resort to a C wrapper.

You can't have it both ways. You either have to take the security
problems of suidperl - which exists to work around the security
problems inherent in suid interpreted scripts in general - or have a C
wrapper.

You might want to look into sudo, which can be viewed as a
configurable C wrapper.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message