From owner-freebsd-questions Mon Mar 10 22:36:49 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7F0A537B401 for ; Mon, 10 Mar 2003 22:36:47 -0800 (PST) Received: from ren.sasknow.com (ren.sasknow.com [207.195.92.131]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1BF6B43F3F for ; Mon, 10 Mar 2003 22:36:46 -0800 (PST) (envelope-from ryan@sasknow.com) Received: from earl.sasknow.net (earl.sasknow.net [207.195.92.130]) by ren.sasknow.com (8.12.3/8.12.6) with ESMTP id h2B6ajp4078410; Tue, 11 Mar 2003 00:36:45 -0600 (CST) (envelope-from ryan@sasknow.com) Received: from ren (ren.sasknow.com [207.195.92.131]) by earl.sasknow.net (8.12.3/8.12.6) with ESMTP id h2B6ajZ0093933; Tue, 11 Mar 2003 00:36:45 -0600 (CST) (envelope-from ryan@sasknow.com) Date: Tue, 11 Mar 2003 00:36:45 -0600 (CST) From: Ryan Thompson To: DoubleF Cc: Paul Lathrop , Subject: Re: your mail In-Reply-To: <20030311061440.22593.qmail@mx.tele-kom.ru> Message-ID: <20030311002655.X34446-100000@ren.sasknow.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Audit: Email processed by earl.sasknow.com filter Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG DoubleF wrote to Paul Lathrop: > Hi, > > > Thanks for your response. Now my question is - how does one > > automate tasks requiring root privileges? > > When one does not know Perl, one uses C programs, I suppose. They > are real binaries, and can be suid. It works. > Just mind your security... :-) I'll second that. I'm just shuddering at the thought a production server somewhere with a whole platoon of 10- or 20-line quickly hacked and poorly maintained C programs, all suid root. Not saying that shell scripts can't be quickly hacked or poorly maintained either, but at least their correctness is typically a little easier to verify, and you don't normally have to worry about unfortunate things like buffer overflows. I'd also like to remind the original poster about the security risks associated with suid binaries. There are many subtle ways in which suid binaries can bite one in the ass... especially where other local users are present. - Ryan -- Ryan Thompson SaskNow Technologies - http://www.sasknow.com 901-1st Avenue North - Saskatoon, SK - S7K 1Y4 Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon Toll-Free: 877-727-5669 (877-SASKNOW) North America To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message