From: Mike Meyer
Date: Thu, 6 Sep 2001 09:07:37 -0500
To: Piet Delport
Cc: Kris Kennaway, Giorgos Keramidas, freebsd-chat@FreeBSD.ORG
Subject: Re: Scripts and setuid
Message-ID: <15255.33577.367972.284194@guru.mired.org>
In-Reply-To: <20010906131141.B4157@athalon>

Piet Delport types:
> On Wed, 05 Sep 2001 at 16:14:08 -0700, Kris Kennaway wrote:
> > On Thu, Sep 06, 2001 at 12:56:00AM +0200, Piet Delport wrote:
> Which blows out of the water the idea that even if /bin/sh was too
> vulnerable, other interpreters might be safe.

Other interpreters just make the problem worse. Each scripting
language has to provide all the facilities required to let people
protect against all the problems.

> Apparently the only exception to the above is perl (in the form of
> suidperl or something), which is even used in the base system
> (/usr/bin/keyinfo).

First, perl isn't an exception.
It's a lot safer than shell scripting because it can do real work
without executing external code. It also provides "taint checking"
which prevents you from accidentally executing strings that came from
the user. The latter is a major source of security holes in any
programs with elevated privileges. But you still have to guard against
the race condition problem.

Second, keyinfo in the base system doesn't work in the default
install. The suidperl program is installed with the suid bit off for
security reasons.

> I've also found the sudo package though, which seems to achieve
> roughly what i'm trying here, without the risk of setuid scripts. Neat.

That's probably a good solution to your particular problem, yes.

> So, next question, isn't it a good idea to mention this stuff in the
> execve(2) (and/or chmod(1)) manpages, to prevent future confusion by
> similar souls? Is this where i learn groff and join freebsd-doc? :)

It would be nice if it were mentioned somewhere. It's just not clear
where. But yeah, this would be a good starting point if you want to
contribute to the doc set.

http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
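
The taint checking described in the message above, as an added example that is not part of the original thread: a Perl script under -T, the mode perl also switches on by itself when real and effective uid or gid differ. The sample input, the file-name pattern and the ls call are assumptions chosen for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Every environment value is tainted under -T. Keep an empty tainted slice
# so the constructed sample below behaves like real user input.
my $taint = substr(join('', values %ENV), 0, 0);

# Perl refuses to run external programs until PATH is set explicitly and
# the variables that steer the shell are removed.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Command-line arguments arrive tainted. With no argument, fall back to a
# constructed hostile-looking sample.
my $input = @ARGV ? $ARGV[0] : 'notes.txt; echo injected' . $taint;
printf "input %s tainted\n", tainted($input) ? 'is' : 'is NOT';

# 1. A tainted string reaching a shell command: perl dies before running it.
if (eval { system("ls -ld $input"); 1 }) {
    print "command ran, so taint mode is not active\n";
} else {
    print "blocked: $@";
}

# 2. Only a regex capture yields untainted data, so the pattern is the
#    security decision. Allow plain file names, nothing else.
if ($input =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]*)\z/) {
    my $file = $1;
    # The list form of system() bypasses the shell entirely.
    system('ls', '-ld', '--', $file);
} else {
    print "rejected: input is not a plain file name\n";
}
```

Run it with perl -T, or make it executable and run it directly; perl refuses a -T that appears only on the #! line. Taint mode tracks data flow only and does nothing about the race condition mentioned in the message.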