Established method to enable suid scripts?

Chris Telting christopher-ml at telting.org
Thu May 12 15:26:51 UTC 2011


On 05/12/2011 07:57, Jonathan McKeown wrote:
> On Thursday 12 May 2011 16:13:50 Chris Telting wrote:
>> On 05/11/2011 07:14, Jerry McAllister wrote:
>>> On Tue, May 10, 2011 at 05:54:04PM -0700, Chris Telting wrote:
>>>> I've googled for over an hour.
>>>>
>>>> I'm not looking to get into a discussion on security or previous bugs
>>>> that are currently fixed.  Suid in and of itself is a security issue.
>>>> But if you are using suid it should work; I don't want to use a
>>>> kludge and I don't want to use sudo.  I'm hoping it's a setting that is
>>>> just disabled by default.
>>> My understanding is that in general the system does not allow SUID
>>> on scripts.   The way I have gotten around that (a long time ago)
>>> was to create a small binary that exec's the script and make
>>> the binary SUID.
>> Well it's all hacks and in my not so humble opinion like chasing your
>> tail.  The assumption is that if someone creates an executable
>> (assumption is programming in C) they are more credible not to make
>> mistakes.  That's a fallacy and just plain nuts.  And I'm an interpreted
>> language snob saying that.  Suid is either allowable or not and should
>> be a sysctl and apply equally to binaries and scripts.  Yet another
>> thing to add to my project list.  Anyone know of an established patch
>> to fix this FreeBSD issue or am I yet again going to have to create my
>> own?
> Have you appreciated the issue with suid on scripts? It's nothing at all to do
> with whether someone writing a compiled language is a better programmer than
> someone writing an interpreted language.
>
> When the OS launches a binary, the file containing the program is opened once.
>
> When the OS launches an interpreted program, the file is opened once to find
> out which interpreter to run, and then the interpreter is told to re-open the
> same filename - whose contents might meanwhile have changed.
>
> I'll say that again. It is inherently insecure to run an interpreted program
> set-uid, because the filename is opened twice and there's no guarantee that
> someone hasn't changed the contents of the file addressed by that name
> between the first and second open.
>
> It's one thing to tell people they need to be careful with suid because it has
> security implications. Deliberately introducing a well-known security hole
> into the system would in my view be dangerous and wrong.

That race condition bug was fixed in ancient times. Before FreeBSD or 
Linux ever existed I believe. It's a meme that just won't die.  People 
accepted mediocrity in old commercial versions of Unix.  I personally am 
unsatisfied by kludges.
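
Added example, not part of the original thread: the double open that Jonathan McKeown describes, reproduced on a constructed temporary file, with a check that accepts the second open only when it reaches the same device and inode as the first. The function names and the temporary paths are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Re-open path and accept it only if it is the same object (device + inode)
 * as vetted_fd, the descriptor from the first open. Returns new fd or -1. */
int reopen_same_object(int vetted_fd, const char *path)
{
    struct stat a, b;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(vetted_fd, &a) || fstat(fd, &b) ||
        a.st_dev != b.st_dev || a.st_ino != b.st_ino) {
        close(fd);              /* the name now points at another file */
        return -1;
    }
    return fd;
}

static int write_file(const char *p, const char *s)
{
    FILE *f = fopen(p, "w");
    return (f && fputs(s, f) >= 0 && fclose(f) == 0) ? 0 : -1;
}

/* Constructed demo. Returns 1 when the unchanged name is accepted, the rebound
 * name is rejected, and the first descriptor still reads the original bytes. */
int demo(void)
{
    char dir[] = "/tmp/reopen-demo-XXXXXX", a[64], b[64], buf[32] = {0};
    if (!mkdtemp(dir)) return 0;
    snprintf(a, sizeof a, "%s/script", dir);
    snprintf(b, sizeof b, "%s/other", dir);
    if (write_file(a, "original\n") || write_file(b, "replaced\n")) return 0;
    int first = open(a, O_RDONLY);            /* first open of the name */
    int same = reopen_same_object(first, a);  /* name unchanged: accepted */
    rename(b, a);                             /* name rebound between opens */
    int moved = reopen_same_object(first, a); /* different inode: rejected */
    ssize_t n = read(first, buf, sizeof buf - 1);
    if (same >= 0) close(same);
    close(first); unlink(a); rmdir(dir);
    return same >= 0 && moved == -1 && n == 9 && !strcmp(buf, "original\n");
}

int main(void) { return demo() ? 0 : 1; }
```

The descriptor from the first open keeps referring to the original file after the rename, which is why handing the interpreter that descriptor instead of the filename avoids the second lookup entirely.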


