/usr/local/etc/rc.d/ scripts and non-root user

Matthew Seaman m.seaman at infracaninophile.co.uk
Sun Feb 10 09:14:01 UTC 2008


gs_stoller at juno.com wrote:
> On Wed, 06 Feb 2008, Alex Zbyslaw wrote
>                      SNIP
>> Setuid/gid bits on shell scripts aren't considered safe, however, and may
>> even be disabled.

> THERE IS NO REASON FOR THIS, JUST USE THE FILE-SYSTEM TO PROTECT THE
> FILES (MAKE THEM NOT WRITEABLE). Scripts are no more susceptible to
> sabotage and misuse than binary files, it is just that scripts can be
> more easily decoded and understood than binary files, and so
> management (that usually doesn't know much about a computer system)
> becomes frightened and issues orders to relieve their stress.

There's no particular reason that setuid bits on scripts are dangerous
nowadays.  However, in the dim and distant past (before the millennium)
there used to be a race condition on opening files that meant it was
trivial to use a setuid script to get a shell running under the target
UID.  The horror of this situation seems to have branded itself so deeply
on the Unix psyche that even now, when that race condition has been
eliminated for many years, there is still a lingering reflex response:
"setuid scripts bad."

	Cheers,

	Matthew


-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
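The thread turns on two checks an administrator can make: which scripts carry setuid/setgid bits, and whether those scripts are writable by anyone other than the owner. The following is an added example, not part of the original message; the function name `audit_setid_scripts` is hypothetical and the default directory is taken from the subject line.

```shell
#!/bin/sh
# Added example (not from the original post): list interpreter scripts
# that carry a setuid or setgid bit, and flag those that are also
# group- or world-writable. It reports where the bits are set; whether
# the running kernel honours them on scripts is a separate question.
# Assumption: file names do not contain newlines.

audit_setid_scripts() {
    dir=${1:-/usr/local/etc/rc.d}

    # -perm -4000 matches setuid, -perm -2000 matches setgid.
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        # Keep only scripts: the first two bytes must be "#!".
        magic=$(head -c 2 "$f" 2>/dev/null)
        [ "$magic" = '#!' ] || continue

        # A privileged script that group or other can rewrite defeats
        # the "protect it with file permissions" approach.
        flag=ok
        if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            flag=WRITABLE
        fi

        # Output: status, a tab, then the path.
        printf '%s\t%s\n' "$flag" "$f"
    done
}

# Usage: audit_setid_scripts /usr/local/etc/rc.d
```

Any line marked `WRITABLE` is a script that a non-owner can modify while it still carries a setuid or setgid bit.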

