From owner-freebsd-questions  Tue Mar 11  8:39:57 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9D1CD37B405
	for <freebsd-questions@FreeBSD.ORG>; Tue, 11 Mar 2003 08:39:56 -0800 (PST)
Received: from mired.org (ip68-97-54-220.ok.ok.cox.net [68.97.54.220])
	by mx1.FreeBSD.org (Postfix) with SMTP id F1AA443F3F
	for <freebsd-questions@FreeBSD.ORG>; Tue, 11 Mar 2003 08:39:51 -0800 (PST)
	(envelope-from mwm-dated-1047832791.f6bc73@mired.org)
Received: (qmail 29615 invoked from network); 11 Mar 2003 16:39:51 -0000
Received: from localhost.mired.org (HELO guru.mired.org) (127.0.0.1)
  by localhost.mired.org with SMTP; 11 Mar 2003 16:39:51 -0000
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15982.4438.239810.828045@guru.mired.org>
Date: Tue, 11 Mar 2003 10:39:50 -0600
To: Ruben de Groot <fbsd-q@bzerk.org>
Cc: Ryan Thompson <ryan@sasknow.com>,
	Paul Lathrop <plathrop@mqtweb.com>, freebsd-questions@FreeBSD.ORG
Subject: Re: your mail
In-Reply-To: <20030311100729.GA95889@ei.bzerk.org>
References: <5E789B70-538D-11D7-9C72-000393BF3DE2@mqtweb.com>
	<20030311004832.R34446-100000@ren.sasknow.com>
	<20030311100729.GA95889@ei.bzerk.org>
X-Mailer: VM 7.07 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid
X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;
	h9L,Yg`+vb1>RG% 	*h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\
From: Mike Meyer <mwm-dated-1047832791.f6bc73@mired.org>
X-Delivery-Agent: TMDA/0.71 (Hoop, Jr.)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

In <20030311100729.GA95889@ei.bzerk.org>, Ruben de Groot <fbsd-q@bzerk.org> typed:
> True. But there is the suidperl binary to circumvent this. If your 
> /usr/bin/suidperl is suid root (which it is not by default I believe), 
> perl will honor the suid or sgid bits on your perlscripts.

I'd still recommend sudo instead of suid perl scripts. While it's
easier to write secure suid program in Perl than in C or the shell,
it's still difficult enough that I'd prefer having one trusted program
to writing a number of such scripts.

	<mike
-- 
Mike Meyer <mwm@mired.org>		http://www.mired.org/consulting.html
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message