Established method to enable suid scripts?
jerrymc at msu.edu
Thu May 12 14:57:01 UTC 2011
On Thu, May 12, 2011 at 07:13:50AM -0700, Chris Telting wrote:
> On 05/11/2011 07:14, Jerry McAllister wrote:
> >On Tue, May 10, 2011 at 05:54:04PM -0700, Chris Telting wrote:
> >>I've googled for over an hour.
> >>I'm not looking to get into a discussion on security or previous bugs
> >>that are currently fixed. Suid in and of itself is a security issue.
> >>But if you are using suid it it should work; I don't want to use a
> >>kludge and I don't want to use sudo. I'm hoping it's a setting that is
> >>just disabled by default.
> >My understanding is that in general the system does not allow SUID
> >on scripts. The way I have gotten around that (a long time ago)
> >was to create a small binary that exec's the script and making
> >the binary SUID.
> Well it's all hacks and in my not so humble option like chasing your
> tail. The assumption is that if someone creates an executable
> (assumption is programming is C) they are more credible not to make
> mistakes. That's a fallacy and just plain nuts. And I'm an interpreted
> language snob saying that. Suid is either allowable or not and should
> be a sysctl and apply equally to binaries and scripts. Yet another
> thing to add to my project list. Anyone know of an established patch
> for fix this freebsd issue or am I yet again going to have to create my own?
Guess you will have to do your own.
It's not a problem for the rest of us.
> Either way thank you all again for your feedback.
More information about the freebsd-questions