Date: Tue, 10 May 2011 19:19:29 -0700 From: Devin Teske <dteske@vicor.com> To: Chris Telting <christopher-ml@telting.org> Cc: freebsd-questions@freebsd.org Subject: Re: Established method to enable suid scripts? Message-ID: <D66F1159-6815-4AD7-9687-FCF8969A4E66@vicor.com> In-Reply-To: <4DC9DE2C.6070605@telting.org> References: <4DC9DE2C.6070605@telting.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On May 10, 2011, at 5:54 PM, Chris Telting wrote: > I've googled for over an hour. >=20 > I'm not looking to get into a discussion on security or previous bugs tha= t are currently fixed. Suid in and of itself is a security issue. But if = you are using suid it it should work; I don't want to use a kludge and I do= n't want to use sudo. I'm hoping it's a setting that is just disabled by d= efault. The reason that the suid bit doesn't work on scripts (shell, perl, or other= wise) is because these are essentially text files that are interpreted by t= heir associated interpreter. It is the interpreter itself that must be suid. In other words, you'd have to do this (*WARNING* highly inadvisable -- even= for the OP): sudo chmod u+s /bin/sh before you could have a shell script such as this: #!/bin/sh : anything run as the suid user (the owner of /bin/sh -- usually root). --=20 Devin _____________ The information contained in this message is proprietary and/or confidentia= l. If you are not the intended recipient, please: (i) delete the message an= d all copies; (ii) do not disclose, distribute or use the message in any ma= nner; and (iii) notify the sender immediately. In addition, please be aware= that any message addressed to our domain is subject to archiving and revie= w by persons other than the intended recipient. Thank you. _____________
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D66F1159-6815-4AD7-9687-FCF8969A4E66>