Date: Fri, 24 Jul 2009 11:11:38 -0400
From: Lowell Gilbert <lgusenet@be-well.ilk.org>
To: Jonathan McKeown <j.mckeown@ru.ac.za>
Cc: freebsd-hackers@freebsd.org
Subject: Re: SGID/SUID on scripts
Message-ID: <44zlau6rpx.fsf@be-well.ilk.org>
In-Reply-To: <200907240902.09609.j.mckeown@ru.ac.za> (Jonathan McKeown's message of "Fri, 24 Jul 2009 09:02:09 +0200")
References: <19939654343.20090722214221@mail.ru> <4a67ee8a.wIGNpBr1/a3vNK2S%perryh@pluto.rain.com> <44my6v8d97.fsf@be-well.ilk.org> <200907240902.09609.j.mckeown@ru.ac.za>

Jonathan McKeown <j.mckeown@ru.ac.za> writes:

> On Thursday 23 July 2009 20:28:52 Lowell Gilbert wrote:
>> That's clever, but how would it work in practice, while common shells
>> and scripting languages may not implement their side of it?
>
> http://www.in-ulm.de/~mascheck/various/shebang/ claims that it's been
> implemented, in exactly the way described, in Solaris, OpenBSD and NetBSD
> (albeit as a kernel compile-time option in the latter two). (It's apparently
> also in IRIX and UnixWare).
>
> Given OpenBSD's admirable paranoia about security (hey, I'm a sysadmin: I
> never ask myself if I'm being paranoid, but if I'm being paranoid enough!)
> I'd have thought they would have explored the implications fully.

They don't enable it by default, and they don't seem to recommend it.

> Certainly other stuff knows about it. As I said yesterday, Perl describes the
> problem in its perlsec manpage/perldoc. The perl interpreter even has a
> build-time option, SETUID_SCRIPTS_ARE_SECURE_NOW - and the correct setting is
> supposedly detected as part of configure.

The problem I'm wondering about is that it doesn't matter what knows
about it as long as there's an interpreter that *doesn't*. Anything
that opens a script parameter on its own (there are other vulnerable
approaches, but one's enough) will be insecure. I may well be missing
something, of course.

> There may well be some problems to overcome, but this doesn't appear to be
> unexplored territory.

Not entirely, but there may well be a reason it's never been in common
use.

- Lowell
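
Added illustration, not part of the original message or of any project it mentions: why an interpreter that opens its script argument by name loses whatever the kernel checked, and the `fstat`/`stat` comparison that notices the mismatch. It assumes the kernel-side scheme under discussion hands the interpreter an already-open descriptor instead of a path; the function name, temporary paths and file contents are constructed, and no setuid file is involved.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed sample contents standing in for two different scripts. */
static const char CHECKED[] = "#!/bin/sh\n# checked script\n";
static const char SWAPPED[] = "#!/bin/sh\n# swapped script\n";

static int write_file(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0700);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Returns a bitmask: 1 = the descriptor still reads the checked file,
 * 2 = re-opening by name reads the other file,
 * 4 = comparing fstat(fd) with stat(name) detects the change. -1 on setup error. */
int demo_reopen_by_name(void) {
    char dir[] = "/tmp/sgid-demo-XXXXXX", script[64], other[64], buf[64];
    struct stat by_fd, by_name;
    int result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(script, sizeof script, "%s/script", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    if (write_file(script, CHECKED) || write_file(other, SWAPPED)) return -1;
    int fd = open(script, O_RDONLY);      /* stands in for the kernel's open + check */
    if (fd < 0) return -1;
    if (rename(other, script)) return -1; /* the name now refers to a different file */

    memset(buf, 0, sizeof buf);           /* reading via the descriptor: checked file */
    if (read(fd, buf, sizeof buf - 1) > 0 && strcmp(buf, CHECKED) == 0) result |= 1;
    int fd2 = open(script, O_RDONLY);     /* interpreter opening its argument itself */
    memset(buf, 0, sizeof buf);
    if (fd2 >= 0 && read(fd2, buf, sizeof buf - 1) > 0 && strcmp(buf, SWAPPED) == 0) result |= 2;
    if (fstat(fd, &by_fd) == 0 && stat(script, &by_name) == 0 &&
        (by_fd.st_dev != by_name.st_dev || by_fd.st_ino != by_name.st_ino)) result |= 4;

    if (fd2 >= 0) close(fd2);
    close(fd); unlink(script); rmdir(dir);
    return result;
}

int main(void) { printf("result mask: %d\n", demo_reopen_by_name()); return 0; }
```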