From owner-freebsd-questions@FreeBSD.ORG Sat Aug 29 20:33:23 2009
Message-ID: <4A99908F.7090804@prgmr.com>
Date: Sat, 29 Aug 2009 13:33:19 -0700
From: Michael David Crawford
Organization: Prgmr.com
CC: freebsd-questions@freebsd.org
References: <87y6p4pbd0.fsf@kobe.laptop> <20090829022431.5841d4de@gumby.homeunix.com> <4A98A8A1.7070305@prgmr.com> <4a98d375.W9fcoTOIN1DqRk/3%perryh@pluto.rain.com> <20090829134436.4461d8c9@gumby.homeunix.com> <4A9971C5.1080308@infracaninophile.co.uk>
In-Reply-To: <4A9971C5.1080308@infracaninophile.co.uk>
Subject: Re: SUID permission on Bash script

Perhaps a better idea than a setuid shell script would be to figure out just what it is about your script that really needs to be executed as root.

Then write a C program that can do just that one thing - and absolutely nothing else. If it takes any kind of input, or command line parameters, then it must validate them very carefully, to ensure that it's not being misused.
Then your script could call that C program whenever it needs that privileged operation performed.

Suppose you were to give the keys to your Lamborghini to a parking attendant. Wouldn't you want to trust that he wasn't going to sell your Lamborghini to a chop shop?

Writing a setuid program is just like that: writing one poorly is like handing your race car keys to a car thief. He might not steal your car today, but if you're not careful about how you hand out your trust, he will someday.

Mike
-- 
Michael David Crawford
mdc@prgmr.com

prgmr.com - We Don't Assume You Are Stupid.

Xen-Powered Virtual Private Servers: http://prgmr.com/xen
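
A sketch of the single-purpose helper the message above describes, added here as an example; it is not part of the original message and not code from its author. The helper name `restart-helper`, the service names and the script paths are constructed for illustration, and the privileged operation is assumed to be restarting one of a fixed set of services.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed allowlist: the only operations this helper will ever perform. */
struct target { const char *name; const char *path; };
static const struct target TARGETS[] = {
    { "ntpd",    "/etc/rc.d/ntpd"    },
    { "syslogd", "/etc/rc.d/syslogd" },
};

/* Return the fixed script path for an allowlisted name, or NULL.
 * The caller's string is only compared, never used to build a path
 * or a command line, so metacharacters and "../" have no effect. */
const char *lookup_target(const char *arg)
{
    if (arg == NULL)
        return NULL;
    for (size_t i = 0; i < sizeof TARGETS / sizeof TARGETS[0]; i++)
        if (strcmp(arg, TARGETS[i].name) == 0)
            return TARGETS[i].path;
    return NULL;
}

int main(int argc, char *argv[])
{
    /* Exactly one argument; anything else is refused. */
    if (argc != 2) {
        fputs("usage: restart-helper <service>\n", stderr);
        return 2;
    }
    const char *path = lookup_target(argv[1]);
    if (path == NULL) {
        fputs("restart-helper: service not permitted\n", stderr);
        return 1;
    }
    /* Fixed argv and environment: nothing from the caller's environment
     * (PATH, IFS, LD_PRELOAD, ...) reaches the privileged script, and
     * execve() with an absolute path involves no shell and no PATH lookup. */
    char *const child_argv[] = { (char *)path, "restart", NULL };
    char *const child_envp[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };
    execve(path, child_argv, child_envp);
    perror("execve");   /* reached only if execve() failed */
    return 1;
}
```

The unprivileged script then calls the helper with one service name; every decision about what runs as root stays inside the compiled allowlist.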