Established method to enable suid scripts?

Chris Telting christopher-ml at telting.org
Wed May 11 05:13:12 UTC 2011


On 05/10/2011 19:19, Devin Teske wrote:
> On May 10, 2011, at 5:54 PM, Chris Telting wrote:
>
>> I've googled for over an hour.
>>
>> I'm not looking to get into a discussion on security or previous bugs that are currently fixed.  Suid in and of itself is a security issue.  But if you are using suid it should work; I don't want to use a kludge and I don't want to use sudo.  I'm hoping it's a setting that is just disabled by default.
> The reason that the suid bit doesn't work on scripts (shell, perl, or otherwise) is because these are essentially text files that are interpreted by their associated interpreter. It is the interpreter itself that must be suid.
>
> In other words, you'd have to do this (*WARNING* highly inadvisable -- even for the OP):
>
> 	sudo chmod u+s /bin/sh
>
> before you could have a shell script such as this:
>
> 	#!/bin/sh
> 	: anything
>
> run as the suid user (the owner of /bin/sh -- usually root).
I thought of that.  Seemed like I read that historically Unix ran the #! 
command as the suid when it executed the file.  Did FreeBSD delete that 
functionality?  (Otherwise how did suid scripts get the bad reputation 
if they could never execute suid.)

I'm not exactly clear where the execute function is.  I'm guessing that 
it's not the shell doing the #! interpretation but rather the execute 
function of the operating system.

Either way thanks for the feedback.
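
An added audit example, not part of the original thread: it lists files that carry the setuid bit but begin with `#!`, and reports whether the interpreter they name is itself setuid, which is the inadvisable state the quoted reply warns about. The function names are hypothetical, and file names are assumed to contain no newlines.

```shell
#!/bin/sh
# Added audit example; function names are hypothetical, not from the thread.

# Print the interpreter path from the "#!" line of file $1 (empty if none).
shebang_interpreter() {
    sed -n '1s/^#![[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" 2>/dev/null
}

# List setuid regular files under directory $1 that start with "#!".
# Output per file: path, interpreter, and whether the interpreter is setuid.
audit_suid_scripts() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null |
    while IFS= read -r f; do
        # Read only the first two bytes; drop NULs so binaries compare cleanly.
        magic=$(head -c 2 "$f" 2>/dev/null | tr -d '\000')
        if [ "$magic" = "#!" ]; then
            interp=$(shebang_interpreter "$f")
            if [ -n "$interp" ] && [ -u "$interp" ]; then
                state="interpreter-setuid"
            else
                state="interpreter-not-setuid"
            fi
            printf '%s\t%s\t%s\n' "$f" "$interp" "$state"
        fi
    done
}

# Example call (directory is an assumption): audit_suid_scripts /usr/local
```

A line ending in `interpreter-setuid` deserves attention first, because every script run through that interpreter then runs as the interpreter's owner.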


