Date: Thu, 31 Dec 1998 20:47:13 -0800
From: "Ronald F. Guilmette" <rfg@monkeys.com>
To: questions@FreeBSD.ORG
Subject: /bin/sh -p broken?
Message-ID: <32180.915166033@monkeys.com>

OK folks, put down the champagne and come over here for a minute... I have a question.

Is it just me or does the -p option to /bin/sh not actually do what it is supposed to do?

I tried using -p on the initial #!/bin/sh -p line in a shell script under (a) Solaris and also (b) under FreeBSD 2.2.8 and in the BSD case, it really didn't do what I was hoping it would do, and in fact, it doesn't seem to do anything at all (even though it _is_ documented for /bin/sh as doing _something_... just what exactly I can't quite make out from the FreeBSD "sh" man page).

The behavior of /bin/sh when invoked with the -p option under Solaris (or under any SVR4 based system) is quite clear. It prevents the invoked shell from dropping back and setting the effective uid to the real uid and the effective gid to the real gid. This is really quite handy, because it allows you to write setuid shell scripts.... and I happen to be in need of exactly such a thing right at the moment.

Anyway, like I say, -p seems to work just dandy under Solaris, but the presence (or absence) of the -p option seems to have no effect whatsoever under FreeBSD 2.2.8.

Why not? I was really hoping that the functionality would be the same on both systems.

Is there some magic thing that I have to diddle to make this work that I don't know about, or is the kernel just being obnoxious about it, and setting the effective uid/gid back to the real uid/gid before /bin/sh even gets a chance to make up its mind about this?

P.S. No flames please! I have just been perusing DejaNews and I see that there are plenty of people who are adamant about the potential dangers of setuid scripts. OK, so I understand they are potentially dangerous, but please cut me some slack. I'm just trying to get a job done here. When I die and go to BOFH heaven, and when _you_ inherit my old hardware, then you can do anything you like with it. But for now, I have work that needs to get done and I really kinda need /bin/sh -p to work... so why doesn't it?