From: Jonathan McKeown
Organization: Rhodes University
To: freebsd-questions@freebsd.org
Cc: Chris Telting
Date: Fri, 13 May 2011 09:32:32 +0200
Subject: Re: Established method to enable suid scripts?
References: <4DC9DE2C.6070605@telting.org> <201105121657.57647.j.mckeown@ru.ac.za> <4DCBFC39.8060900@telting.org>
In-Reply-To: <4DCBFC39.8060900@telting.org>

On Thursday 12 May 2011 17:26:49 Chris Telting wrote:
> On 05/12/2011 07:57, Jonathan McKeown wrote:
> >
> > I'll say that again. It is inherently insecure to run an interpreted
> > program set-uid, because the filename is opened twice and there's no
> > guarantee that someone hasn't changed the contents of the file addressed
> > by that name between the first and second open.
> >
> > It's one thing to tell people they need to be careful with suid because
> > it has security implications. Deliberately introducing a well-known
> > security hole into the system would in my view be dangerous and wrong.
>
> That race condition bug was fixed in ancient times. Before FreeBSD or
> Linux ever existed, I believe. It's a meme that just won't die. People
> accepted mediocrity in old commercial versions of Unix. I personally am
> unsatisfied by kludges.

That seems somewhat unlikely given, as someone else pointed out upthread, that Perl still comes with a compile-time option SETUID_SCRIPTS_ARE_SECURE_NOW, suggesting that they often aren't.

Yes, there are ways to avoid this race condition - the usual one is to pass a handle on the open file to the interpreter, rather than closing it and reopening it. This fix is not present in every Unix or Unix-like OS. In particular (although I'm happy to be corrected if I'm wrong) it's not present in FreeBSD, to the best of my knowledge. Whether there's a reason for that other than lack of developer time I don't know.

Jonathan