Date:      Tue, 11 Apr 2006 19:18:43 +0400
From:      "Sply Splyeff" <lists@sply.org>
To:        Peter Jeremy <peterjeremy@optushome.com.au>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: setuid scripts wrapper (RFC, proposal)
Message-ID:  <web-5333059@inc.ru>
In-Reply-To: <web-5280144@inc.ru>

I've uploaded suidscript.c with updates:
http://suidscript.sply.org/suidscript/suidscript.c
http://suidscript.sply.org/suidscript.tgz

The current implementation checks the safety of the interpreter path and of the script path - all nodes are required to be owned by root or the script owner and writable only by the owner. It's a big limitation, but it works in most cases.

I've tried the /dev/fd/ way, but it requires fdescfs to be mounted, which is not common across different FreeBSD versions and sometimes seems a little buggy. I've included suidscript_fdesc.c, which implements /dev/fd/*, but I haven't ever tested it because mount_fdescfs crashes.
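
The path check described in the message above, as an added example that is not taken from suidscript.c or written by the message's author. The function names `node_safe` and `path_nodes_safe` are hypothetical, and resolving symlinks with realpath() before walking the nodes is an assumption of this example, not something the message states.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* One node passes if root or the script owner owns it and
 * neither group nor others may write to it. */
int node_safe(const struct stat *st, uid_t owner)
{
    if (st->st_uid != 0 && st->st_uid != owner)
        return 0;
    return (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Returns 1 if every node from "/" down to path passes node_safe(),
 * 0 if some node fails, -1 if the path is relative or cannot be resolved.
 * Hypothetical helper: the real suidscript.c may be structured differently. */
int path_nodes_safe(const char *path, uid_t owner)
{
    char real[PATH_MAX], *p;
    struct stat st;

    if (path == NULL || path[0] != '/')
        return -1;
    /* Assumption: resolve symlinks first so the walk covers the real nodes. */
    if (realpath(path, real) == NULL)
        return -1;
    if (lstat("/", &st) != 0)
        return -1;
    if (!node_safe(&st, owner))
        return 0;
    for (p = real + 1; *p; ) {
        char saved;
        p += strcspn(p, "/");      /* advance to the end of this component */
        saved = *p;
        *p = '\0';                 /* temporarily cut the path at this node */
        if (lstat(real, &st) != 0)
            return -1;
        if (!node_safe(&st, owner))
            return 0;
        *p = saved;                /* restore and step past the separator */
        if (saved)
            p++;
    }
    return 1;
}
```

A script under a world-writable directory such as a mode 1777 /tmp fails this check even when the script file itself is safe, which is the kind of limitation the message mentions.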


