Date: Thu, 6 Sep 2001 01:30:30 +0200 From: "Nicolas Rachinsky" <list@rachinsky.de> To: "Piet Delport" <siberiyan@mweb.co.za>, "Giorgos Keramidas" <charon@labs.gr> Cc: <freebsd-chat@FreeBSD.ORG> Subject: Re: Scripts and setuid Message-ID: <00c101c13662$c3716cd0$0364000a@abc> References: <999708032.3b96558062cd2@webmail.neomedia.it> <20010905204055.A268@athalon> <20010905215258.A4304@hades.hell.gr> <20010906005600.A4157@athalon>
next in thread | previous in thread | raw e-mail | index | archive | help
I don't know if this applies to FreeBSD, but I found the=20
following in the Perl documentation.
from perldoc perlsec:
Beyond the obvious problems that stem from giving special
privileges to systems as flexible as scripts, on many
versions of Unix, set-id scripts are inherently insecure
right from the start. The problem is a race condition in
the kernel. Between the time the kernel opens the file to
see which interpreter to run and when the (now-set-id)
interpreter turns around and reopens the file to interpret
it, the file in question may have changed, especially if
you have symbolic links on your system.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00c101c13662$c3716cd0$0364000a>