Established method to enable suid scripts?
j.mckeown at ru.ac.za
Wed May 11 09:59:54 UTC 2011
On Wednesday 11 May 2011 04:19:29 Devin Teske wrote:
> The reason that the suid bit doesn't work on scripts (shell, perl, or
> otherwise) is because these are essentially text files that are interpreted
> by their associated interpreter. It is the interpreter itself that must be

I'm pretty sure that's not the case, although I'm open to correction.

The reason the system ignores the suid bit on a script is because of what
would happen when it's executed:

1) the script is read from a file called <filename> and the system notices
that it needs to be interpreted by another program.
2) that program is launched and told to re-open the file named <filename> and
execute its contents with suid privilege.

The problem is a race condition: there's no guarantee that the filename opened
by the interpreter in step 2 is the same file the user executed in step 1.

There are two common ways round this: ignore the suid bit; or arrange within
the OS to pass a handle to the original file rather than a filename so that
the script can't be changed out from under the interpreter.
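
The two steps described in the reply, modelled with ordinary file calls, as an added example that is not part of the original post: it compares the file identity seen at step 1 with what step 2 gets when it re-opens the name versus when it is handed the step-1 descriptor. No setuid execution is involved; the function name, the /tmp directory name and the file contents are constructed for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a small constructed "script" file; 0 on success. */
static int put(const char *path, const char *text) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0700);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Step 1 opens <filename> and records which file it is. The name is then
 * rebound with rename() before step 2 runs. With by_handle == 0, step 2
 * re-opens the name; with by_handle == 1 it reuses the step-1 descriptor.
 * Returns 1 if step 2 got the file step 1 checked, 0 if not, -1 on error. */
int same_file_after_swap(int by_handle) {
    char dir[64], script[96], other[96];
    struct stat checked, used;
    int fd1 = -1, fd2 = -1, result = -1;

    snprintf(dir, sizeof dir, "/tmp/suid-race-demo.%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0) return -1;   /* fails if the name exists */
    snprintf(script, sizeof script, "%s/script", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    if (put(script, "#!/bin/sh\necho original\n") == 0 &&
        put(other, "#!/bin/sh\necho replaced\n") == 0 &&
        (fd1 = open(script, O_RDONLY)) >= 0 &&          /* step 1 */
        fstat(fd1, &checked) == 0 &&
        rename(other, script) == 0) {                   /* the race window */
        fd2 = by_handle ? dup(fd1) : open(script, O_RDONLY);   /* step 2 */
        if (fd2 >= 0 && fstat(fd2, &used) == 0)
            result = checked.st_dev == used.st_dev &&
                     checked.st_ino == used.st_ino;
    }
    if (fd2 >= 0) close(fd2);
    if (fd1 >= 0) close(fd1);
    unlink(script); unlink(other); rmdir(dir);
    return result;
}

int main(void) {
    printf("re-open by name: same file? %d\n", same_file_after_swap(0));
    printf("pass the handle: same file? %d\n", same_file_after_swap(1));
    return 0;
}
```

The device and inode pair from fstat() is what identifies "the same file" here; the name alone does not, which is why the handle-passing approach closes the window.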