On 05/12/2011 07:57, Jonathan McKeown wrote:
> On Thursday 12 May 2011 16:13:50 Chris Telting wrote:
>> On 05/11/2011 07:14, Jerry McAllister wrote:
>>> On Tue, May 10, 2011 at 05:54:04PM -0700, Chris Telting wrote:
>>>> I've googled for over an hour.
>>>>
>>>> I'm not looking to get into a discussion on security or previous bugs
>>>> that are currently fixed.  Suid in and of itself is a security issue.
>>>> But if you are using suid it should work; I don't want to use a
>>>> kludge and I don't want to use sudo.  I'm hoping it's a setting that is
>>>> just disabled by default.
>>> My understanding is that in general the system does not allow SUID
>>> on scripts.   The way I have gotten around that (a long time ago)
>>> was to create a small binary that exec's the script and make
>>> the binary SUID.
>> Well it's all hacks and in my not so humble opinion like chasing your
>> tail.  The assumption is that if someone creates an executable
>> (assumption is programming is C) they are more credible not to make
>> mistakes.  That's a fallacy and just plain nuts.  And I'm an interpreted
>> language snob saying that.  Suid is either allowable or not and should
>> be a sysctl and apply equally to binaries and scripts.  Yet another
>> thing to add to my project list.  Anyone know of an established patch
>> to fix this FreeBSD issue or am I yet again going to have to create my
>> own?
> Have you appreciated the issue with suid on scripts? It's nothing at all to do
> with whether someone writing a compiled language is a better programmer than
> someone writing an interpreted language.
>
> When the OS launches a binary, the file containing the program is opened once.
>
> When the OS launches an interpreted program, the file is opened once to find
> out which interpreter to run, and then the interpreter is told to re-open the
> same filename - whose contents might meanwhile have changed.
>
> I'll say that again. It is inherently insecure to run an interpreted program
> set-uid, because the filename is opened twice and there's no guarantee that
> someone hasn't changed the contents of the file addressed by that name
> between the first and second open.
>
> It's one thing to tell people they need to be careful with suid because it has
> security implications. Deliberately introducing a well-known security hole
> into the system would in my view be dangerous and wrong.

That race condition bug was fixed in ancient times. Before FreeBSD or Linux ever existed, I believe. It's a meme that just won't die. People accepted mediocrity in old commercial versions of Unix. I personally am unsatisfied by kludges.

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
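
The small setuid wrapper mentioned in the thread, written here as an added example (not code from any poster or from FreeBSD) so that the script is opened once, checked on the open descriptor, and handed to the interpreter as `/dev/fd/N` instead of being looked up by name a second time. Assumptions: the script path is hypothetical, `/dev/fd/N` is available for descriptors above 2 (on FreeBSD that needs fdescfs mounted on `/dev/fd`), and the caller's arguments and environment are deliberately dropped.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define SCRIPT "/usr/local/libexec/task.sh"   /* hypothetical path */
#define INTERP "/bin/sh"

/* Trusted only if a regular file, owned by want_uid, and not writable
 * by group or other. */
int mode_is_trusted(mode_t mode, uid_t file_uid, uid_t want_uid)
{
    return S_ISREG(mode) && file_uid == want_uid &&
           (mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Open without following a final symlink, then check the object that was
 * actually opened (fstat on the fd, not stat on the name). Returns fd or -1. */
int open_trusted_script(const char *path, uid_t want_uid)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 ||
        !mode_is_trusted(st.st_mode, st.st_uid, want_uid)) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char fdpath[32];
    char *const envp[] = { "PATH=/bin:/usr/bin", "IFS= \t\n", NULL };
    int fd = open_trusted_script(SCRIPT, geteuid());
    if (fd < 0) {
        fprintf(stderr, "refusing to run %s\n", SCRIPT);
        return 1;
    }
    snprintf(fdpath, sizeof fdpath, "/dev/fd/%d", fd);
    char *const argv[] = { INTERP, fdpath, NULL };
    execve(INTERP, argv, envp);   /* fixed interpreter, scrubbed environment */
    perror("execve");
    return 1;
}
```

Because the interpreter reads from the descriptor the wrapper already verified, renaming or replacing the file at `SCRIPT` after the check does not change what runs.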