On Wednesday 11 May 2011 04:19:29 Devin Teske wrote: > > The reason that the suid bit doesn't work on scripts (shell, perl, or > otherwise) is because these are essentially text files that are interpreted > by their associated interpreter. It is the interpreter itself that must be > suid.
I'm pretty sure that's not the case, although I'm open to correction. The reason the system ignores the suid bit on a script is because of what would happen when it's executed: 1) the script is read from a file called <filename> and the system notices that it needs to be interpreted by another program. 2) that program is launched and told to re-open the file named <filename> and execute its contents with suid privilege. The problem is a race condition: there's no guarantee that the filename opened by the interpreter in step 2 is the same file the user executed in step 1. There are two common ways round this: ignore the suid bit; or arrange within the OS to pass a handle to the original file rather than a filename so that the script can't be changed out from under the interpreter. Jonathan _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"