Date: Thu, 06 Sep 2001 00:56:00 +0200 From: Piet Delport <siberiyan@mweb.co.za> To: Giorgos Keramidas <charon@labs.gr> Cc: freebsd-chat@FreeBSD.ORG Subject: Re: Scripts and setuid Message-ID: <20010906005600.A4157@athalon> In-Reply-To: <20010905215258.A4304@hades.hell.gr> References: <999708032.3b96558062cd2@webmail.neomedia.it> <20010905204055.A268@athalon> <20010905215258.A4304@hades.hell.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
--Q68bSM7Ycu6FN28Q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, 05 Sep 2001 at 21:52:58 +0300, Giorgos Keramidas wrote: > On Wed, Sep 05, 2001 at 08:40:55PM +0200, Piet Delport wrote: > > That still leaves me with the original question though, why can't > > scripts be run setuid? >=20 > Allowing scripts to be run with setuid is VERY insecure. >=20 > It is very easy to set up the environment of the parent process and > execute a script with certain things in the environment that will > cheat and have the script execute code with elevated priviledges. True, but isn't the same thing generally true for non-script executables as well? How insecure is it, for example, to have a small setuid script (with basic checks in place like overriding PATH to something conservative, etc.) that writable only by root, and owned by root:bar, with the intent that users in group bar can execute it? I'm very probably missing something important (if so, please enlighten me), but how is the the above much worse than having a similar setuid binary doing the same? Thanks, --=20 Piet Delport <siberiyan@mweb.co.za> Today's subliminal thought is: --Q68bSM7Ycu6FN28Q Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7lq2AzRUP82sZFCcRAkn5AJoDiwIAEY8Qhymp912OM/kV/Nr8sQCgpJZJ vrEzuspbQysNsRFkpYVZThc= =kKU6 -----END PGP SIGNATURE----- --Q68bSM7Ycu6FN28Q-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010906005600.A4157>