From owner-freebsd-questions  Tue Mar 11  2: 7:40 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1DCCB37B404
	for <freebsd-questions@FreeBSD.ORG>; Tue, 11 Mar 2003 02:07:39 -0800 (PST)
Received: from ei.bzerk.org (ei.xs4all.nl [213.84.67.5])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2E68243F93
	for <freebsd-questions@FreeBSD.ORG>; Tue, 11 Mar 2003 02:07:37 -0800 (PST)
	(envelope-from fbsd-q@bzerk.org)
Received: from ei.bzerk.org (BOFH@localhost [127.0.0.1])
	by ei.bzerk.org (8.12.8/8.12.8) with ESMTP id h2BA7UxY096417;
	Tue, 11 Mar 2003 11:07:30 +0100 (CET)
	(envelope-from stable@ei.bzerk.org)
Received: (from stable@localhost)
	by ei.bzerk.org (8.12.8/8.12.8/Submit) id h2BA7Txn096416;
	Tue, 11 Mar 2003 11:07:29 +0100 (CET)
Date: Tue, 11 Mar 2003 11:07:29 +0100
From: Ruben de Groot <fbsd-q@bzerk.org>
To: Ryan Thompson <ryan@sasknow.com>
Cc: Paul Lathrop <plathrop@mqtweb.com>, freebsd-questions@FreeBSD.ORG
Subject: Re: your mail
Message-ID: <20030311100729.GA95889@ei.bzerk.org>
References: <5E789B70-538D-11D7-9C72-000393BF3DE2@mqtweb.com> <20030311004832.R34446-100000@ren.sasknow.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030311004832.R34446-100000@ren.sasknow.com>
User-Agent: Mutt/1.4i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Tue, Mar 11, 2003 at 01:09:23AM -0600, Ryan Thompson typed:
> Paul Lathrop wrote to Ryan Thompson:
> 
> > > I'd also like to remind the original poster about the security
> > > risks associated with suid binaries. There are many subtle ways in
> > > which suid binaries can bite one in the ass... especially where
> > > other local users are present.
> >
> > Is just learning Perl an option here? Perl scripts aren't binaries -
> > to my understanding at least.
> 
> Correct. They're interpreted scripts, just like shell scripts. The
> only difference is, they're fed through /usr/bin/perl instead of
> /bin/sh. The operating system doesn't distinguish between them.
> 
> > Will they also be denied by the OS?
> 
> Yes.

True. But there is the suidperl binary to circumvent this. If your 
/usr/bin/suidperl is suid root (which it is not by default I believe), 
perl will honor the suid or sgid bits on your perlscripts.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message