Established method to enable suid scripts?
Jonathan McKeown
j.mckeown at ru.ac.za
Fri May 13 07:32:40 UTC 2011
On Thursday 12 May 2011 17:26:49 Chris Telting wrote:
> On 05/12/2011 07:57, Jonathan McKeown wrote:
> >
> > I'll say that again. It is inherently insecure to run an interpreted
> > program set-uid, because the filename is opened twice and there's no
> > guarantee that someone hasn't changed the contents of the file addressed
> > by that name between the first and second open.
> >
> > It's one thing to tell people they need to be careful with suid because
> > it has security implications. Deliberately introducing a well-known
> > security hole into the system would in my view be dangerous and wrong.
>
> That race condition bug was fixed in ancient times. Before FreeBSD or
> Linux ever existed I believe. It's a meme that just won't die. People
> accepted mediocrity in old commercial versions of Unix. I personally am
> unsatisfied by kludges.
That seems somewhat unlikely given, as someone else pointed out upthread, that
Perl still comes with a compile-time option SETUID_SCRIPTS_ARE_SECURE_NOW,
suggesting that they often aren't. Yes, there are ways to avoid this race
condition - the usual one is to pass a handle on the open file to the
interpreter, rather than closing it and reopening it.
This fix is not present in every Unix or Unix-like OS. In particular (although
I'm happy to be corrected if I'm wrong) it's not present in FreeBSD, to the
best of my knowledge. Whether there's a reason for that other than lack of
developer time I don't know.
Jonathan
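The fix described above (hand the interpreter a handle on the already-open file instead of a name it reopens) as an added C example; it is not from this thread, FreeBSD or Perl, and the wrapper, its ownership/mode policy and the use of /dev/fd/N are assumptions for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Hypothetical wrapper: open the script ONCE, check the open descriptor with
 * fstat() (never the path), and pass it to the interpreter as /dev/fd/N so the
 * file cannot be swapped between two opens. Assumed policy: regular file,
 * owned by `owner`, not world-writable. Returns the fd, or -1. */
int open_script_checked(const char *path, uid_t owner) {
    struct stat st;
    int fd = open(path, O_RDONLY);   /* no O_CLOEXEC: fd must survive execv */
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || (st.st_mode & S_IWOTH)) { close(fd); return -1; }
    return fd;
}
/* Build the "/dev/fd/N" argument; returns its length, or -1 if buf is too small. */
int make_fd_path(int fd, char *buf, size_t len) {
    int n = snprintf(buf, len, "/dev/fd/%d", fd);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}
/* Exec `interp` on the checked descriptor. Only returns (with -1) on error. */
int run_script_by_fd(const char *interp, const char *script, uid_t owner) {
    char arg[32];
    int fd = open_script_checked(script, owner);
    if (fd < 0) return -1;
    if (make_fd_path(fd, arg, sizeof arg) < 0) { close(fd); return -1; }
    char *const argv[] = { (char *)interp, arg, NULL };
    execv(interp, argv);             /* interpreter reads the same open file */
    close(fd);
    return -1;
}
/* Constructed self-check: a world-writable temp script is rejected, the same
 * file at mode 0644 is accepted. Returns 1 when both hold, else 0. */
int demo_check_behaviour(void) {
    char tmpl[] = "/tmp/suid-script-demo.XXXXXX";
    const char body[] = "#!/bin/sh\necho hello\n";
    int fd = mkstemp(tmpl), rejected = 0, accepted = 0, sfd = -1;
    if (fd < 0) return 0;
    int ok = write(fd, body, sizeof body - 1) == (ssize_t)(sizeof body - 1);
    close(fd);
    if (ok && chmod(tmpl, 0666) == 0)
        rejected = (open_script_checked(tmpl, getuid()) == -1);
    if (ok && chmod(tmpl, 0644) == 0 && (sfd = open_script_checked(tmpl, getuid())) >= 0)
        { accepted = 1; close(sfd); }
    unlink(tmpl);
    return rejected && accepted;
}
```

On FreeBSD, /dev/fd/N for N above 2 is only available when fdescfs is mounted, and the wrapper itself must be the set-uid binary, not the script.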