SUID permission on Bash script
perryh at pluto.rain.com
perryh at pluto.rain.com
Sat Aug 29 07:11:14 UTC 2009
Michael David Crawford <mdc at prgmr.com> wrote:
> It's not that setuid shell scripts are really more
> inherently insecure than programs written in C.
Actually, absent some careful cooperation between the kernel
and the interpreter to prevent a race condition that can cause
the interpreter to run (with elevated permissions) a completely
different script than the one that was marked setuid, setuid
scripts _are_ insecure in a way that _cannot_ be fixed by any
degree of care that might be taken in the writing of the script.
Check the hackers@ archives. It was discussed a little over a
month ago.
More information about the freebsd-questions
mailing list