minimize use of root account

Matthew Seaman matthew at
Sat Feb 20 09:42:26 UTC 2016

On 19/02/2016 21:11, Polytropon wrote:
>> I thought suid scripts were disabled years ago because they were a major
>> security loophole?

> You're right - it's the case.
> % ll 
> -rwsr-sr-x  1 poly  poly  24 2016-02-19 19:25:20*
> % cat
> #!/bin/sh
> id -u
> whoami
> % ./
> 2000
> poly
> % sudo ./
> 0
> root
> I think this is fully intended.

Although 'no setuid scripts' is pretty well embedded in the Unix psyche,
I was under the impression the underlying problem had been fixed some
time ago.

The problem with a setuid script is that there is a window of
opportunity between the system opening the script, parsing the #! line,
firing up the appropriate interpreter and having that *reopen* the
script to execute it -- if you can replace the script at just the right
time, you can get anything executed with root permissions.

This was solved, as I recall, by the system passing its already open
file descriptor on the original script to the interpreter.  That
requires the fdescfs pseudo-filesystem to be mounted, which populates
/dev/fd. You need the full fdescfs mounted -- devfs only gives you
filedescriptor devices for stdin, stdout and stderr for a process, and
that's not enough.

Even so, irrespective of fdescfs being mounted or not, it seems setuid
scripts are still disallowed.
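As an added illustration of the fix Matthew describes (not code from this thread or from FreeBSD), the small C launcher below does in user space what the kernel does when it passes its already-open descriptor: it opens the script exactly once, hands the interpreter a /dev/fd/N path instead of the filename, and refuses to run at all if /dev/fd/N does not resolve to the same file as the descriptor, which is the situation on a system where only devfs (descriptors 0, 1 and 2) rather than fdescfs backs /dev/fd. The function names and the regular-file check are assumptions of this example; the mechanism itself is the one the mail describes.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Build the "/dev/fd/N" path that the interpreter is given instead of the
 * script's filename. Because the interpreter reads the already-open
 * descriptor, no second path lookup happens, so a file swapped in at the
 * original path between the two opens is never picked up. */
int build_devfd_path(int fd, char *buf, size_t len) {
    int n = snprintf(buf, len, "/dev/fd/%d", fd);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

/* Return 1 if /dev/fd/<fd> really refers to the same file as fd itself.
 * On FreeBSD this needs fdescfs mounted on /dev/fd; plain devfs only
 * provides entries for 0, 1 and 2, so for any higher fd this returns 0. */
int devfd_usable(int fd) {
    char path[64];
    struct stat via_fd, via_path;
    if (build_devfd_path(fd, path, sizeof path) != 0) return 0;
    if (fstat(fd, &via_fd) != 0) return 0;
    if (stat(path, &via_path) != 0) return 0;
    return via_fd.st_dev == via_path.st_dev && via_fd.st_ino == via_path.st_ino;
}

/* Return 1 if the descriptor still refers to the file recorded in
 * 'expected' (same device and inode). Replacing the file at the original
 * path does not change what an open descriptor points at. */
int fd_matches(int fd, const struct stat *expected) {
    struct stat now;
    if (fstat(fd, &now) != 0) return 0;
    return now.st_dev == expected->st_dev && now.st_ino == expected->st_ino;
}

/* Open the script once, insist that it is a regular file, and return the
 * descriptor (no O_CLOEXEC: the interpreter must inherit it). -1 on error. */
int open_script_once(const char *script) {
    struct stat st;
    int fd = open(script, O_RDONLY);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Replace this process with 'interp' running the already-open script.
 * Returns -1 instead of falling back to the pathname if /dev/fd is not
 * usable, because the pathname is exactly what must not be re-resolved. */
int exec_script_by_fd(const char *interp, int fd) {
    char path[64];
    if (!devfd_usable(fd)) return -1;
    if (build_devfd_path(fd, path, sizeof path) != 0) return -1;
    execl(interp, interp, path, (char *)NULL);
    return -1; /* only reached if execl failed */
}

int main(int argc, char **argv) {
    if (argc != 3) {
        fprintf(stderr, "usage: %s <interpreter> <script>\n", argv[0]);
        return 2;
    }
    int fd = open_script_once(argv[2]);
    if (fd < 0) { perror("open_script_once"); return 1; }
    if (exec_script_by_fd(argv[1], fd) < 0) { perror("exec_script_by_fd"); return 1; }
    return 0;
}
```

Run as `./launcher /bin/sh ./some-script.sh`; on a FreeBSD box without fdescfs mounted it exits with an error from exec_script_by_fd rather than silently degrading to a by-name exec, which is the caveat in the mail about devfs alone not being enough.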
