From owner-freebsd-questions Mon Mar 10 23: 9:27 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7923337B401 for ; Mon, 10 Mar 2003 23:09:25 -0800 (PST) Received: from ren.sasknow.com (ren.sasknow.com [207.195.92.131]) by mx1.FreeBSD.org (Postfix) with ESMTP id B53E243FAF for ; Mon, 10 Mar 2003 23:09:24 -0800 (PST) (envelope-from ryan@sasknow.com) Received: from earl.sasknow.net (earl.sasknow.net [207.195.92.130]) by ren.sasknow.com (8.12.3/8.12.6) with ESMTP id h2B79Op4081534; Tue, 11 Mar 2003 01:09:24 -0600 (CST) (envelope-from ryan@sasknow.com) Received: from ren (ren.sasknow.com [207.195.92.131]) by earl.sasknow.net (8.12.3/8.12.6) with ESMTP id h2B79NeH094039; Tue, 11 Mar 2003 01:09:23 -0600 (CST) (envelope-from ryan@sasknow.com) Date: Tue, 11 Mar 2003 01:09:23 -0600 (CST) From: Ryan Thompson To: Paul Lathrop Cc: freebsd-questions@freebsd.org Subject: Re: your mail In-Reply-To: <5E789B70-538D-11D7-9C72-000393BF3DE2@mqtweb.com> Message-ID: <20030311004832.R34446-100000@ren.sasknow.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Audit: Email processed by earl.sasknow.com filter Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Paul Lathrop wrote to Ryan Thompson: > > I'd also like to remind the original poster about the security > > risks associated with suid binaries. There are many subtle ways in > > which suid binaries can bite one in the ass... especially where > > other local users are present. > > Is just learning Perl an option here? Perl scripts aren't binaries - > to my understanding at least. Correct. They're interpreted scripts, just like shell scripts. The only difference is, they're fed through /usr/bin/perl instead of /bin/sh. The operating system doesn't distinguish between them. > Will they also be denied by the OS? Yes. > If Perl will solve the problem, I'll > just learn it sooner than I had planned :-) Perl can indeed solve many problems, but it won't, in general, solve your suid difficulties. I still recommend sudo. This ought to get you going: (cd /usr/ports/security/sudo && make all install) Documentation is available with the port, or here: http://www.courtesan.com/sudo/ You'll want to edit sudoers appropriately. The visudo command makes this quite easy, and there are plenty of resources on the web to get you going. If you're really new to these concepts, this will be a great learning experience for you, and should still take you less than an hour to install, read the documentation, and get a basic configuration going. (And once you've done it a few times, you'll be budgeting minutes in the low single digits :-) > Thanks for all your help! - Ryan -- Ryan Thompson SaskNow Technologies - http://www.sasknow.com 901-1st Avenue North - Saskatoon, SK - S7K 1Y4 Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon Toll-Free: 877-727-5669 (877-SASKNOW) North America To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message