Date: Tue, 11 Mar 2003 01:09:23 -0600 (CST) From: Ryan Thompson <ryan@sasknow.com> To: Paul Lathrop <plathrop@mqtweb.com> Cc: freebsd-questions@freebsd.org Subject: Re: your mail Message-ID: <20030311004832.R34446-100000@ren.sasknow.com> In-Reply-To: <5E789B70-538D-11D7-9C72-000393BF3DE2@mqtweb.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Paul Lathrop wrote to Ryan Thompson: > > I'd also like to remind the original poster about the security > > risks associated with suid binaries. There are many subtle ways in > > which suid binaries can bite one in the ass... especially where > > other local users are present. > > Is just learning Perl an option here? Perl scripts aren't binaries - > to my understanding at least. Correct. They're interpreted scripts, just like shell scripts. The only difference is, they're fed through /usr/bin/perl instead of /bin/sh. The operating system doesn't distinguish between them. > Will they also be denied by the OS? Yes. > If Perl will solve the problem, I'll > just learn it sooner than I had planned :-) Perl can indeed solve many problems, but it won't, in general, solve your suid difficulties. I still recommend sudo. This ought to get you going: (cd /usr/ports/security/sudo && make all install) Documentation is available with the port, or here: http://www.courtesan.com/sudo/ You'll want to edit sudoers appropriately. The visudo command makes this quite easy, and there are plenty of resources on the web to get you going. If you're really new to these concepts, this will be a great learning experience for you, and should still take you less than an hour to install, read the documentation, and get a basic configuration going. (And once you've done it a few times, you'll be budgeting minutes in the low single digits :-) > Thanks for all your help! - Ryan -- Ryan Thompson <ryan@sasknow.com> SaskNow Technologies - http://www.sasknow.com 901-1st Avenue North - Saskatoon, SK - S7K 1Y4 Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon Toll-Free: 877-727-5669 (877-SASKNOW) North America To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030311004832.R34446-100000>