Date:      Tue, 11 Mar 2003 11:07:29 +0100
From:      Ruben de Groot <fbsd-q@bzerk.org>
To:        Ryan Thompson <ryan@sasknow.com>
Cc:        Paul Lathrop <plathrop@mqtweb.com>, freebsd-questions@FreeBSD.ORG
Subject:   Re: your mail
Message-ID:  <20030311100729.GA95889@ei.bzerk.org>
In-Reply-To: <20030311004832.R34446-100000@ren.sasknow.com>
References:  <5E789B70-538D-11D7-9C72-000393BF3DE2@mqtweb.com> <20030311004832.R34446-100000@ren.sasknow.com>

On Tue, Mar 11, 2003 at 01:09:23AM -0600, Ryan Thompson typed:
> Paul Lathrop wrote to Ryan Thompson:
> 
> > > I'd also like to remind the original poster about the security
> > > risks associated with suid binaries. There are many subtle ways in
> > > which suid binaries can bite one in the ass... especially where
> > > other local users are present.
> >
> > Is just learning Perl an option here? Perl scripts aren't binaries -
> > to my understanding at least.
> 
> Correct. They're interpreted scripts, just like shell scripts. The
> only difference is, they're fed through /usr/bin/perl instead of
> /bin/sh. The operating system doesn't distinguish between them.
> 
> > Will they also be denied by the OS?
> 
> Yes.

True. But there is the suidperl binary to circumvent this. If your
/usr/bin/suidperl is suid root (which it is not by default, I believe),
perl will honor the suid or sgid bits on your Perl scripts.
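
An audit for the condition described in the reply above, as an added example that is not part of the original message: it reports whether the suidperl helper is setuid root and lists setuid/setgid files that start with `#!`. The function names and the default scan directory /usr/local/bin are assumptions made for this example.

```shell
#!/bin/sh
# Added audit example; not code from the original thread.
# Usage (after sourcing): audit /usr/bin/suidperl /usr/local/bin

# Succeeds when $1 is a regular file with the setuid bit set.
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Succeeds when $1 starts with "#!", i.e. it is an interpreted script.
is_script() {
    [ "$(dd if="$1" bs=1 count=2 2>/dev/null)" = '#!' ]
}

# Succeeds when $1 is setuid and owned by uid 0.
is_setuid_root() {
    is_setuid "$1" && [ -n "$(find "$1" -prune -user 0 2>/dev/null)" ]
}

# Prints every setuid or setgid script under directory $1, one per line.
find_suid_scripts() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        if is_script "$f"; then printf '%s\n' "$f"; fi
    done
}

# Reports on the helper ($1) and then lists flagged scripts under $2.
audit() {
    helper=${1:-/usr/bin/suidperl}   # path named in the message
    dir=${2:-/usr/local/bin}         # assumed default scan root
    if is_setuid_root "$helper"; then
        echo "WARNING: $helper is setuid root; suid/sgid bits on Perl scripts are honored"
    else
        echo "OK: $helper is absent or not setuid root"
    fi
    find_suid_scripts "$dir"
}
```

Scripts listed while the helper is not setuid root carry mode bits that the kernel ignores, but they become privileged as soon as such a helper is enabled, so they are worth clearing either way.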

