Established method to enable suid scripts?
Jonathan McKeown
j.mckeown at ru.ac.za
Wed May 11 09:59:54 UTC 2011
On Wednesday 11 May 2011 04:19:29 Devin Teske wrote:
>
> The reason that the suid bit doesn't work on scripts (shell, perl, or
> otherwise) is because these are essentially text files that are interpreted
> by their associated interpreter. It is the interpreter itself that must be
> suid.
I'm pretty sure that's not the case, although I'm open to correction.
The reason the system ignores the suid bit on a script is because of what
would happen when it's executed:
1) the script is read from a file called <filename> and the system notices
that it needs to be interpreted by another program.
2) that program is launched and told to re-open the file named <filename> and
execute its contents with suid privilege.
The problem is a race condition: there's no guarantee that the filename opened
by the interpreter in step 2 is the same file the user executed in step 1.
There are two common ways round this: ignore the suid bit; or arrange within
the OS to pass a handle to the original file rather than a filename so that
the script can't be changed out from under the interpreter.
Jonathan
More information about the freebsd-questions
mailing list