From: Chris Telting
Date: Thu, 12 May 2011 07:13:50 -0700
To: Jerry McAllister
Cc: freebsd-questions@freebsd.org
Subject: Re: Established method to enable suid scripts?
Message-ID: <4DCBEB1E.6090209@telting.org>
In-Reply-To: <20110511141420.GD41080@gizmo.acns.msu.edu>

On 05/11/2011 07:14, Jerry McAllister wrote:
> On Tue, May 10, 2011 at 05:54:04PM -0700, Chris Telting wrote:
>
>> I've googled for over an hour.
>>
>> I'm not looking to get into a discussion on security or previous bugs
>> that are currently fixed. Suid in and of itself is a security issue.
>> But if you are using suid it should work; I don't want to use a
>> kludge and I don't want to use sudo. I'm hoping it's a setting that is
>> just disabled by default.
> My understanding is that in general the system does not allow SUID
> on scripts. The way I have gotten around that (a long time ago)
> was to create a small binary that exec's the script and make
> the binary SUID.
>

Well it's all hacks and in my not so humble opinion like chasing your tail. The assumption is that if someone creates an executable (assumption is programming in C) they are more credible not to make mistakes. That's a fallacy and just plain nuts. And I'm an interpreted language snob saying that. Suid is either allowable or not and should be a sysctl and apply equally to binaries and scripts.

Yet another thing to add to my project list. Anyone know of an established patch to fix this FreeBSD issue or am I yet again going to have to create my own?

Either way thank you all again for your feedback.
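The workaround quoted above (a small setuid binary that execs the script), written out as an added example that is not code from this thread. It assumes a setuid-root wrapper, `/bin/sh` as the interpreter and a hypothetical script path; the wrapper runs one fixed script, ignores the caller's arguments and environment, and refuses a script that anyone but the expected owner could modify.

```c
#define _XOPEN_SOURCE 700   /* for lstat() and friends under strict C modes */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define INTERP "/bin/sh"
#define SCRIPT "/usr/local/libexec/example-task.sh"   /* hypothetical path */

/* Fixed environment: nothing the caller set (PATH, IFS, ENV, LD_*) survives. */
static char *const clean_env[] = { "PATH=/bin:/usr/bin", "IFS= \t\n", NULL };

/* Return 1 only if path is absolute, is a regular file (not a symlink),
 * is owned by `owner`, and is not writable by group or other.
 * The directories leading to it must be equally locked down (assumption). */
int script_is_safe(const char *path, uid_t owner)
{
    struct stat st;

    if (path == NULL || path[0] != '/')
        return 0;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;
    if (st.st_uid != owner)
        return 0;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

int main(void)
{
    char *const argv[] = { "sh", SCRIPT, NULL };   /* caller's argv is ignored */

    if (!script_is_safe(SCRIPT, 0)) {              /* 0 = root must own it */
        fprintf(stderr, "refusing to run %s\n", SCRIPT);
        return 1;
    }
    /* Run under one identity: real ids become the wrapper's effective ids. */
    if (setgid(getegid()) != 0 || setuid(geteuid()) != 0) {
        perror("setgid/setuid");
        return 1;
    }
    execve(INTERP, argv, clean_env);
    perror("execve");                              /* reached only on failure */
    return 1;
}
```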