Date:      Fri, 13 May 2011 23:37:15 -0700
From:      perryh@pluto.rain.com
To:        christopher-ml@telting.org
Cc:        freebsd-questions@freebsd.org, kraduk@gmail.com
Subject:   Re: Established method to enable suid scripts?
Message-ID:  <4dce231b.lPvSOZwTWBHJ6Xj9%perryh@pluto.rain.com>
In-Reply-To: <4DCD02EF.7050808@telting.org>
References:  <4DC9DE2C.6070605@telting.org> <201105121657.57647.j.mckeown@ru.ac.za> <4DCBFC39.8060900@telting.org> <201105130932.32144.j.mckeown@ru.ac.za> <BANLkTin4rkQouSiOy4M1uu%2BqXSWJzF_STA@mail.gmail.com> <4DCD02EF.7050808@telting.org>

Chris Telting <christopher-ml@telting.org> wrote:

> let me ask you.. is "sudo ping" acceptable? Please explain the
> logical reason why not. It would be the preferred method if suid
> didn't exist and sudo was part of the base system.

Without suid there would be no sudo ;)

Part of the reason for ping being suid is historical -- it predates
the existence of sudo -- but it is nevertheless a very good example
of a program that really should be suid in its own right.

* It needs to run with root privileges (so it can bind a raw socket
  IIRC).

* It should be executable, with some restrictions on the intensity
  of the traffic it will generate, by any user.  (Granted many users
  have no clue what ping does or how to interpret the results, but
  it is often one of the first things a phone-support tech asks for
  if it looks as if the caller's problem might be network related.
  The user needs to be able to run the command so as to read back
  the results.)

* Those restrictions are removed when it is run by root (who is
  presumed to know the implications).

Yes, ping could be non-suid and the restrictions could be imposed by
sudo, but this would come at a cost:

- Most if not all system users would need to be listed in the
  sudoers file, so that they could execute ping in connection with
  suspected network problems (see above).

- The command parameters would have to be parsed twice (once by sudo
  to decide whether to allow the operation, then again by ping to
  find out what it is supposed to do).



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4dce231b.lPvSOZwTWBHJ6Xj9%perryh>