setuid scripts wrapper (RFC, proposal)

Sply Splyeff lists at sply.org
Wed Apr 5 20:31:43 UTC 2006


There are some security problems with kernel-level setuid
script execution which discourage its use. The standard
recommendation is to write a binary setuid wrapper for
each script needed. But maybe it's better to use one simple,
well reviewed and verified setuid wrapper for all common tasks?
And to use it in the distribution or, at least, as a package.

I've tried to set up a standard wrapper for our systems
which does the following:
- verifies if the script's file system is allowed to run setuid
scripts
- clears all environment variables, or passes only the desired ones,
or sets them to values from the hash-line in the script
- closes all file descriptors > 2 if the -c option is set
- checks if the script file has write permission for anyone

http://suidscript.sply.org/suidscript/suidscript.c
http://suidscript.sply.org/suidscript/suidscriptperl
http://suidscript.sply.org/suidscript/test_perl
http://suidscript.sply.org/

Is it strong enough? Maybe there is any slippery ground
left?
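
The file and environment checks listed in the post, as an added C example (not the code from suidscript.c). The function names, the reading of "write permission for anyone" as the group/other write bits, the use of the nosuid mount flag as the file system test, and the PATH value are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <unistd.h>

extern char **environ;

/* Policy on file metadata (hypothetical helper).
 * Returns 0 if acceptable, or a negative code naming the refusal. */
int check_script_meta(mode_t mode, unsigned long fsflags)
{
    if (!S_ISREG(mode))
        return -1;                    /* not a regular file */
    if (mode & (S_IWGRP | S_IWOTH))
        return -2;                    /* group or others could rewrite it */
    if (fsflags & ST_NOSUID)
        return -3;                    /* file system is mounted nosuid */
    return 0;
}

/* Inspect the already-open descriptor rather than the path, so the file
 * that was checked is the same file the interpreter is later handed. */
int check_script_fd(int fd)
{
    struct stat st;
    struct statvfs vfs;

    if (fstat(fd, &st) != 0 || fstatvfs(fd, &vfs) != 0)
        return -4;                    /* cannot inspect: refuse */
    return check_script_meta(st.st_mode, vfs.f_flag);
}

/* Drop every inherited variable, then set a fixed PATH
 * (assumed value; a real wrapper would take it from its own policy). */
int reset_environment(void)
{
    static char *empty[] = { NULL };

    environ = empty;
    return setenv("PATH", "/bin:/usr/bin", 1);
}
```

Checking through the descriptor instead of the path name avoids the window in which the path can be re-pointed between the check and the exec, which is the race that makes kernel-level setuid scripts a problem in the first place.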


More information about the freebsd-hackers mailing list