Date: Thu, 6 Sep 2001 09:07:37 -0500 From: Mike Meyer <mwm@mired.org> To: Piet Delport <siberiyan@mweb.co.za> Cc: Kris Kennaway <kris@obsecurity.org>, Giorgos Keramidas <charon@labs.gr>, freebsd-chat@FreeBSD.ORG Subject: Re: Scripts and setuid Message-ID: <15255.33577.367972.284194@guru.mired.org> In-Reply-To: <20010906131141.B4157@athalon> References: <999708032.3b96558062cd2@webmail.neomedia.it> <20010905204055.A268@athalon> <20010905215258.A4304@hades.hell.gr> <20010906005600.A4157@athalon> <20010905161408.A80303@xor.obsecurity.org> <20010906131141.B4157@athalon>
next in thread | previous in thread | raw e-mail | index | archive | help
Piet Delport <siberiyan@mweb.co.za> types: > On Wed, 05 Sep 2001 at 16:14:08 -0700, Kris Kennaway wrote: > > On Thu, Sep 06, 2001 at 12:56:00AM +0200, Piet Delport wrote: > Which blows out of the water the idea that even if /bin/sh was too > vulnerable, other interpreters might be safe. Other interpreters just make the problem worse. Each scripting language has to provide all the facilities required to let people protect against all the problems. > Apparently the only exception to the above is perl (in the form of > suidperl or something), which is even used in the base system > (/usr/bin/keyinfo). First, perl isn't an exception. It's a lot safer than shell scripting because it can do real work without executing external code. It also provides "taint checking" which prevents you from accidently executing strings that came from the user. The latter is a major source of security holes in any programs with elevated privileges. But you still have to gaurd against the race condition problem. Second, keyinfo in the base system doesn't work in the default install. The suidperl program is installed with the suid bit off for security reasons. > I've also found the sudo package though, which seems to do achieve > roughly what i'm trying here, without the risk of setuid scripts. Neat. That's probably a good solution to your particular problem, yes. > So, next question, isn't it a good idea to mention this stuff in the > execve(2) (and/or chmod(1)) manpages, to prevent future confusion by > similar souls? Is this where i learn groff and join freebsd-doc? :) It would be nice if it were mentioned somewhere. It's just not clear where. But yeah, this would be a good starting point if yo want to contribute to the doc set. <mike -- Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15255.33577.367972.284194>