Date: Tue, 11 Apr 2006 19:18:43 +0400 From: "Sply Splyeff" <lists@sply.org> To: Peter Jeremy <peterjeremy@optushome.com.au> Cc: freebsd-hackers@freebsd.org Subject: Re: setuid scripts wrapper (RFC, proposal) Message-ID: <web-5333059@inc.ru> In-Reply-To: <web-5280144@inc.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
I've uploaded suidscript.c with updates: http://suidscript.sply.org/suidscript/suidscript.c http://suidscript.sply.org/suidscript.tgz Current implementation checks the safety of an interpreter path and of a script path - all nodes required to be owned by root or script owner and writable only by owner. It's a big limitation, but it works in most cases. I've tried /dev/fd/ way, but it requires fdescfs mounted which is not common for different freebsd versions and sometimes seems a little buggy. I've included suidscript_fdesc.c which implements /dev/fd/*, but I haven't evere tested it because mount_fdescfs crashes.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?web-5333059>