SGID/SUID on scripts

Jonathan McKeown j.mckeown at ru.ac.za
Fri Jul 24 07:02:12 UTC 2009


On Thursday 23 July 2009 20:28:52 Lowell Gilbert wrote:
> perryh at pluto.rain.com writes:

[snip description of shell opening a script, finding a #! line and passing a 
file descriptor for the opened script to the intended interpreter 
in /dev/fd/, to avoid a race condition where the shell opens the script, 
reads the #! line, closes it and hands off the filename to the intended 
interpreter to reopen what may now be a different file]

> > I vaguely recall having seen a similar (or even identical) approach
> > suggested some years ago.  It may even have been implemented in some
> > variant of Un*x.
>
> That's clever, but how would it work in practice, while common shells
> and scripting languages may not implement their side of it?

http://www.in-ulm.de/~mascheck/various/shebang/ claims that it's been 
implemented, in exactly the way described, in Solaris, OpenBSD and NetBSD 
(albeit as a kernel compile-time option in the latter two). (It's apparently 
also in IRIX and UnixWare).

Given OpenBSD's admirable paranoia about security (hey, I'm a sysadmin: I 
never ask myself if I'm being paranoid, but if I'm being paranoid enough!) 
I'd have thought they would have explored the implications fully.

Certainly other stuff knows about it. As I said yesterday, Perl describes the 
problem in its perlsec manpage/perldoc. The perl interpreter even has a 
build-time option, SETUID_SCRIPTS_ARE_SECURE_NOW - and the correct setting is 
supposedly detected as part of configure.

There may well be some problems to overcome, but this doesn't appear to be 
unexplored territory.

Jonathan
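
Added example, not part of the original message or of any of the systems it names: a C sketch of why the snipped /dev/fd approach closes the race. A descriptor stays bound to the file that was opened and checked, while the filename can come to refer to a different one. The helper names (parse_shebang, fd_matches_path, demo) are hypothetical, and the two scripts are constructed in a temporary directory under /tmp.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: read the "#!" interpreter via an open fd; 0 on success. */
int parse_shebang(int fd, char *interp, size_t n) {
    char buf[256];
    ssize_t got = pread(fd, buf, sizeof buf - 1, 0);
    if (got < 3 || buf[0] != '#' || buf[1] != '!') return -1;
    buf[got] = '\0';
    char *p = buf + 2 + strspn(buf + 2, " \t");
    size_t len = strcspn(p, " \t\n");
    if (len == 0 || len >= n) return -1;
    snprintf(interp, n, "%.*s", (int)len, p);
    return 0;
}
/* 1 if path still names the file behind fd, 0 if it changed, -1 on error. */
int fd_matches_path(int fd, const char *path) {
    struct stat a, b;
    if (fstat(fd, &a) != 0 || stat(path, &b) != 0) return -1;
    return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}
static int write_file(const char *path, const char *text) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    int bad = fputs(text, f) == EOF;
    return (fclose(f) != 0 || bad) ? -1 : 0;
}
/* Constructed scenario in a temp dir: 1 if fd stays pinned after the name moves. */
int demo(void) {
    char dir[] = "/tmp/shebang-demo-XXXXXX", script[64], other[64], interp[64];
    if (!mkdtemp(dir)) return 0;
    snprintf(script, sizeof script, "%s/script", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    if (write_file(script, "#!/bin/sh\necho checked\n") != 0 ||
        write_file(other, "#!/usr/bin/perl\nprint 1;\n") != 0) return 0;
    int fd = open(script, O_RDONLY);
    int before = fd_matches_path(fd, script);
    if (rename(other, script) != 0) return 0;  /* name now refers to another inode */
    int after = fd_matches_path(fd, script);
    int ok = before == 1 && after == 0 && parse_shebang(fd, interp, sizeof interp) == 0
             && strcmp(interp, "/bin/sh") == 0;
    close(fd); unlink(script); rmdir(dir);
    return ok;
}
int main(void) { return demo() ? 0 : 1; }
```

An interpreter handed only the filename would reopen whatever the name refers to at that moment; one handed the descriptor reads the same file whose #! line was examined.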


More information about the freebsd-hackers mailing list