From owner-freebsd-chat Wed Sep 5 15:56:02 2001
Date: Thu, 06 Sep 2001 00:56:00 +0200
From: Piet Delport
Subject: Re: Scripts and setuid
In-reply-to: <20010905215258.A4304@hades.hell.gr>
To: Giorgos Keramidas
Cc: freebsd-chat@FreeBSD.ORG
Message-id: <20010906005600.A4157@athalon>
References: <999708032.3b96558062cd2@webmail.neomedia.it> <20010905204055.A268@athalon> <20010905215258.A4304@hades.hell.gr>
User-Agent: Mutt/1.3.21i
X-Operating-System: FreeBSD 4.4-RC

On Wed, 05 Sep 2001 at 21:52:58 +0300, Giorgos Keramidas wrote:
> On Wed, Sep 05, 2001 at 08:40:55PM +0200, Piet Delport wrote:
> > That still leaves me with the original question though, why can't
> > scripts be run setuid?
>
> Allowing scripts to be run with setuid is VERY insecure.
>
> It is very easy to set up the environment of the parent process and
> execute a script with certain things in the environment that will
> cheat and have the script execute code with elevated privileges.

True, but isn't the same thing generally true for non-script executables as
well?

How insecure is it, for example, to have a small setuid script (with basic
checks in place like overriding PATH to something conservative, etc.) that
is writable only by root, and owned by root:bar, with the intent that users
in group bar can execute it?

I'm very probably missing something important (if so, please enlighten me),
but how is the above much worse than having a similar setuid binary doing
the same?

Thanks,

-- 
Piet Delport
Today's subliminal thought is:
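The "basic checks" Piet mentions (a conservative PATH and so on) written out as a defensive preamble for a privileged shell script. This is an added example, not code from the thread or from FreeBSD; the function names, SAFE_PATH and the list of variables are this example's own choices, and the list is illustrative rather than exhaustive. It addresses the environment vector Giorgos describes by resetting IFS and PATH, unsetting variables that tell an interpreter or the run-time linker to load files the caller controls, and refusing to run if the script file itself is not owned by the expected user or is writable by group or others.

```sh
#!/bin/sh
# Added example, not code from the original thread. A defensive preamble for
# a shell script that will run with privileges (for instance behind a small
# compiled wrapper on systems that ignore the setuid bit on #! scripts).
# Function names, SAFE_PATH and DANGEROUS_VARS are this example's own
# assumptions; the variable list is illustrative, not exhaustive.

SAFE_PATH=/bin:/usr/bin:/sbin:/usr/sbin

# Variables that change what code an interpreter or the loader runs.
DANGEROUS_VARS="ENV BASH_ENV CDPATH GLOBIGNORE LD_PRELOAD LD_LIBRARY_PATH \
PERL5LIB PERLLIB PERL5OPT PYTHONPATH PYTHONSTARTUP RUBYLIB"

# sanitize_env: reset IFS and PATH to known values and unset every variable
# in DANGEROUS_VARS. Run this before the first external command.
sanitize_env() {
    # Default IFS is space, tab, newline; the trailing x keeps $(...) from
    # stripping the newline, and is removed afterwards.
    IFS=$(printf ' \t\nx'); IFS=${IFS%x}
    PATH=$SAFE_PATH
    export PATH
    for v in $DANGEROUS_VARS; do
        unset "$v"
    done
}

# env_is_clean: succeed only if PATH is SAFE_PATH and no variable in
# DANGEROUS_VARS has a non-empty value.
env_is_clean() {
    [ "$PATH" = "$SAFE_PATH" ] || return 1
    for v in $DANGEROUS_VARS; do
        # eval is acceptable here: v comes from our own fixed list above,
        # never from the caller.
        eval "val=\${$v:-}"
        [ -z "$val" ] || return 1
    done
    return 0
}

# check_script_file FILE OWNER: succeed only if FILE is a regular file owned
# by OWNER with no group or other write bit. Whoever can edit a privileged
# script decides what it does, so refuse to continue otherwise.
check_script_file() {
    f=$1
    owner=$2
    [ -f "$f" ] || return 1
    # POSIX find primaries: -user and octal -perm behave the same on BSD
    # and GNU find, unlike the stat(1) option syntax.
    [ -n "$(find "$f" -prune -user "$owner" -print)" ] || return 1
    [ -z "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ] || return 1
    return 0
}

# Self-check mode: apply the preamble to this file and report the outcome.
if [ "${1:-}" = "--self-check" ]; then
    sanitize_env
    env_is_clean || { echo "environment still dirty" >&2; exit 1; }
    check_script_file "$0" root || {
        echo "refusing: $0 must be root-owned and writable only by root" >&2
        exit 1
    }
    echo "preamble checks passed for $0"
fi
```

Running `sh preamble.sh --self-check` on a copy owned by an ordinary user shows the file check rejecting it, which is the behaviour wanted: a privileged script should not trust its own file any more than it trusts its environment. Note what the preamble does not cover. It handles the environment problem the thread is about, but the other classic weakness of setuid scripts, the window between the kernel opening the interpreter and the interpreter re-opening the script by path name, can only be closed by the wrapper or the kernel, which is one reason a compiled setuid binary doing the same job is on firmer ground than a setuid script.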