From: perryh@pluto.rain.com
To: christopher-ml@telting.org
Cc: dteske@vicor.com, freebsd-questions@freebsd.org
Date: Wed, 11 May 2011 00:37:31 -0700
Subject: Re: Established method to enable suid scripts?
Message-Id: <4dca3cbb.QpmIA2XKnwykNxE3%perryh@pluto.rain.com>
In-Reply-To: <4DCA1AE6.8050209@telting.org>
References: <4DC9DE2C.6070605@telting.org> <4DCA1AE6.8050209@telting.org>
List-Id: User questions (freebsd-questions@freebsd.org)

Chris Telting wrote:
> Seemed like I read that historically Unix ran the #! command
> as the suid when it executed the file.  Did FreeBSD delete
> that functionality?
> (Otherwise how did suid scripts get the bad reputation if they
> could never execute suid.)

There have indeed been Unix (or Unix-like) systems that have
implemented suid #! scripts.  It did not take very long for someone
to discover -- and demonstrate -- the massive security hole that they
opened, which led to the capability being removed.  IIUC this happened
fairly early in the Berkeley era, long before FreeBSD existed as such.
Thus it was a predecessor of FreeBSD, and not FreeBSD itself, from
which the functionality was deleted.

It _is_ possible in principle to close that particular security hole
while retaining the suid #! functionality, but it requires
coordination between the kernel and the interpreter (and, in the
variant I'm aware of, the introduction of a fourth standard file
identifier similar to the well-known stdin, stdout, and stderr).
However, even supposing that this fix is applied, how certain can we
be that there are no _other_ exposures?

> I'm not exactly clear where the execute function is.  I'm guessing
> that it's not the shell doing the #! interpretation but rather the
> execute function of the operating system.

Correct.  The exec function examines the first block of the file that
is to be executed, and determines how to execute it by recognizing
particular values in particular places.  When the first two bytes are
#!, the characters following the #! (up to the next whitespace)
identify an interpreter which is executed, the name of the script
being passed to the interpreter as a parameter.

Presumably it would be possible for exec to recognize the suid bit on
the script, and set the UID accordingly when executing the
interpreter, but AFAIK there is no way to "configure" FreeBSD to do
this; you would have to modify the kernel.
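The following is an added illustration, not code from the message above and not FreeBSD kernel code: a small user-space model of the exec step the reply describes, i.e. inspecting the first block of an image for "#!", picking the interpreter name up to the next whitespace, and building the argv that hands the script to that interpreter. Two things in it are my assumptions rather than anything the message states: the remainder of the #! line is passed to the interpreter as a single argument (real kernels differ on this), and the race-free variant is modelled by giving the interpreter a "/dev/fd/N" reference to a descriptor the loader keeps open, which is one known way of doing it and not necessarily the variant the reply alludes to. The classic scheme passes a pathname that the interpreter re-opens by name later, which is the window the suid-script hole lived in.

```c
/* Added example (not from the original message or from FreeBSD): user-space
 * model of how an exec()-style loader handles a "#!" image.  Assumptions:
 * the rest of the #! line is one argument; a race-free loader is modelled by
 * passing "/dev/fd/N" for a descriptor it already holds open. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SHEBANG_MAX 128        /* assumed cap on the #! line we will inspect */

struct shebang {
    char interp[SHEBANG_MAX];  /* interpreter named after "#!" */
    char arg[SHEBANG_MAX];     /* optional argument; "" when absent */
    int  valid;                /* 1 iff the block starts with "#!" + a name */
};

/* Inspect the first block of the image.  The interpreter name runs from "#!"
 * (leading blanks skipped) up to the next whitespace; whatever follows on
 * that line, with surrounding blanks trimmed, becomes the single argument. */
struct shebang parse_shebang(const char *block, size_t len)
{
    struct shebang sb;
    size_t i = 2, n = 0;

    memset(&sb, 0, sizeof sb);
    if (len < 2 || block[0] != '#' || block[1] != '!')
        return sb;                           /* not a #! script */

    while (i < len && (block[i] == ' ' || block[i] == '\t'))
        i++;
    while (i < len && !isspace((unsigned char)block[i]) && n < SHEBANG_MAX - 1)
        sb.interp[n++] = block[i++];
    sb.interp[n] = '\0';
    if (n == 0)
        return sb;                           /* "#!" but no interpreter */

    while (i < len && (block[i] == ' ' || block[i] == '\t'))
        i++;
    for (n = 0; i < len && block[i] != '\n' && n < SHEBANG_MAX - 1; i++)
        sb.arg[n++] = block[i];
    while (n > 0 && isspace((unsigned char)sb.arg[n - 1]))
        n--;                                 /* trim trailing blanks */
    sb.arg[n] = '\0';

    sb.valid = 1;
    return sb;
}

/* What the interpreter is told to open.  Classic scheme (kept_fd < 0): the
 * pathname, which the interpreter re-opens by name later, so between the
 * loader's check and that open the name can be repointed at another file.
 * Race-free scheme: "/dev/fd/N" for a descriptor the loader already holds,
 * so the interpreter reads exactly the file whose bits were inspected. */
void script_ref(const char *path, int kept_fd, char *buf, size_t bufsz)
{
    if (kept_fd >= 0)
        snprintf(buf, bufsz, "/dev/fd/%d", kept_fd);
    else
        snprintf(buf, bufsz, "%s", path);
}

/* Build the argv handed to the interpreter: interp [arg] script-ref, then
 * the caller's own arguments (orig_argv[1..]).  Returns argc, or -1 when the
 * vector does not fit in out_max slots (NULL terminator included). */
int build_interp_argv(const struct shebang *sb, const char *ref,
                      char *const orig_argv[], char *out[], int out_max)
{
    int n = 0, i;

    if (!sb->valid || n + 1 >= out_max)
        return -1;
    out[n++] = (char *)sb->interp;
    if (sb->arg[0] != '\0') {
        if (n + 1 >= out_max) return -1;
        out[n++] = (char *)sb->arg;
    }
    if (n + 1 >= out_max) return -1;
    out[n++] = (char *)ref;
    for (i = 1; orig_argv[i] != NULL; i++) {
        if (n + 1 >= out_max) return -1;
        out[n++] = orig_argv[i];
    }
    out[n] = NULL;
    return n;
}

int main(void)
{
    /* constructed sample: first block of a hypothetical script */
    const char image[] = "#!/bin/sh -x\necho \"$@\"\n";
    char *argv_in[] = { "./script", "hello", "world", NULL };
    char *argv_out[8], ref[64];
    struct shebang sb = parse_shebang(image, sizeof image - 1);
    int argc, i;

    script_ref("/tmp/script", -1, ref, sizeof ref);   /* classic: by name */
    argc = build_interp_argv(&sb, ref, argv_in, argv_out, 8);
    for (i = 0; i < argc; i++)
        printf("argv[%d] = %s\n", i, argv_out[i]);

    script_ref("/tmp/script", 3, ref, sizeof ref);    /* race-free: by fd */
    printf("race-free reference: %s\n", ref);
    return 0;
}
```

The point to take from the model is the one the reply makes: the loader decides everything from the first block and then starts a different program, and in the classic scheme that program is only given a name. Whether a suid bit on the script is honoured at that point is purely a kernel decision, which is why it cannot be switched on from user space.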