Date: Thu, 12 May 2011 10:53:46 -0400 From: Jerry McAllister <jerrymc@msu.edu> To: Chris Telting <christopher-ml@telting.org> Cc: Jerry McAllister <jerrymc@msu.edu>, freebsd-questions@freebsd.org Subject: Re: Established method to enable suid scripts? Message-ID: <20110512145346.GA48504@gizmo.acns.msu.edu> In-Reply-To: <4DCBEB1E.6090209@telting.org> References: <4DC9DE2C.6070605@telting.org> <20110511141420.GD41080@gizmo.acns.msu.edu> <4DCBEB1E.6090209@telting.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, May 12, 2011 at 07:13:50AM -0700, Chris Telting wrote: > On 05/11/2011 07:14, Jerry McAllister wrote: > >On Tue, May 10, 2011 at 05:54:04PM -0700, Chris Telting wrote: > > > >>I've googled for over an hour. > >> > >>I'm not looking to get into a discussion on security or previous bugs > >>that are currently fixed. Suid in and of itself is a security issue. > >>But if you are using suid it it should work; I don't want to use a > >>kludge and I don't want to use sudo. I'm hoping it's a setting that is > >>just disabled by default. > >My understanding is that in general the system does not allow SUID > >on scripts. The way I have gotten around that (a long time ago) > >was to create a small binary that exec's the script and making > >the binary SUID. > > > > Well it's all hacks and in my not so humble option like chasing your > tail. The assumption is that if someone creates an executable > (assumption is programming is C) they are more credible not to make > mistakes. That's a fallacy and just plain nuts. And I'm an interpreted > language snob saying that. Suid is either allowable or not and should > be a sysctl and apply equally to binaries and scripts. Yet another > thing to add to my project list. Anyone know of an established patch > for fix this freebsd issue or am I yet again going to have to create my own? Guess you will have to do your own. It's not a problem for the rest of us. ////jerry > > Either way thank you all again for your feedback. >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110512145346.GA48504>