From owner-freebsd-questions@FreeBSD.ORG Fri May 13 09:28:38 2011
Message-ID: <4DCCF9C4.2040106@telting.org>
Date: Fri, 13 May 2011 02:28:36 -0700
From: Chris Telting
To: Jonathan McKeown
Cc: freebsd-questions@freebsd.org
Subject: Re: Established method to enable suid scripts?
References: <4DC9DE2C.6070605@telting.org> <201105121657.57647.j.mckeown@ru.ac.za> <4DCBFC39.8060900@telting.org> <201105130932.32144.j.mckeown@ru.ac.za>
In-Reply-To: <201105130932.32144.j.mckeown@ru.ac.za>

On 05/13/2011 00:32, Jonathan McKeown wrote:
> On Thursday 12 May 2011 17:26:49 Chris Telting wrote:
>> On 05/12/2011 07:57, Jonathan McKeown wrote:
>>> I'll say that again. It is inherently insecure to run an interpreted
>>> program set-uid, because the filename is opened twice and there's no
>>> guarantee that someone hasn't changed the contents of the file addressed
>>> by that name between the first and second open.
>>>
>>> It's one thing to tell people they need to be careful with suid because
>>> it has security implications. Deliberately introducing a well-known
>>> security hole into the system would in my view be dangerous and wrong.
>> That race condition bug was fixed in ancient times. Before FreeBSD or
>> Linux ever existed, I believe. It's a meme that just won't die. People
>> accepted mediocrity in old commercial versions of Unix. I personally am
>> unsatisfied by kludges.
> That seems somewhat unlikely given, as someone else pointed out upthread, that
> Perl still comes with a compile-time option SETUID_SCRIPTS_ARE_SECURE_NOW,
> suggesting that they often aren't. Yes, there are ways to avoid this race
> condition - the usual one is to pass a handle on the open file to the
> interpreter, rather than closing it and reopening it.
>
> This fix is not present in every Unix or Unix-like OS. In particular (although
> I'm happy to be corrected if I'm wrong) it's not present in FreeBSD, to the
> best of my knowledge. Whether there's a reason for that other than lack of
> developer time I don't know.
>
Indeed. I think it's more of a case that, since you can't count on it on other
systems (especially closed source systems), it's disabled for portability
reasons, although I would have loved to be proved wrong.

Happy Friday.
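An added illustration, not written by anyone in this thread, of the two-open problem Jonathan describes and of why handing the interpreter the already-open descriptor closes the window: the program opens a constructed script file, replaces the file at that path, then compares what the held descriptor reads with what a fresh open of the same name reads. The temp-directory path and the two sample contents are constructed for the demo.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample contents: the script as first opened, and what the
 * same path holds after it has been replaced during the window. */
static const char ORIGINAL[] = "#!/bin/sh\necho original\n";
static const char REPLACED[] = "#!/bin/sh\necho replaced\n";

/* Write text to a temp file beside path, then rename it over path. */
static int write_atomic(const char *path, const char *text)
{
    char tmp[PATH_MAX];
    snprintf(tmp, sizeof tmp, "%s.new", path);
    int fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0 || write(fd, text, strlen(text)) < 0) return -1;
    close(fd);
    return rename(tmp, path);
}

/* Read the small file behind fd into buf as a C string. */
static void read_all(int fd, char *buf, size_t sz)
{
    size_t off = 0; ssize_t n;
    while (off < sz - 1 && (n = read(fd, buf + off, sz - 1 - off)) > 0) off += (size_t)n;
    buf[off] = '\0';
}

/* Replays the two opens in a fresh temp dir. via_fd: what an interpreter handed
 * the held descriptor (e.g. /dev/fd/N) reads; via_path: what one that reopens
 * the name reads. Returns 0 on success, -1 on any I/O failure. */
int held_fd_vs_reopen(char *via_fd, char *via_path, size_t sz)
{
    char dir[] = "/tmp/suid-demo.XXXXXX", script[PATH_MAX];
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(script, sizeof script, "%s/script", dir);
    if (write_atomic(script, ORIGINAL) != 0) return -1;
    int held = open(script, O_RDONLY);            /* first open (the kernel's) */
    if (held < 0 || write_atomic(script, REPLACED) != 0) return -1; /* path swapped */
    int reopened = open(script, O_RDONLY);        /* second open, by name again */
    if (reopened < 0) return -1;
    read_all(held, via_fd, sz);                   /* same inode as the first open */
    read_all(reopened, via_path, sz);             /* whatever the name holds now */
    close(held); close(reopened);
    unlink(script); rmdir(dir);
    return 0;
}
```

The held descriptor still yields the original contents while the reopen yields the replacement, which is exactly the gap an fd-passing exec closes.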