Date: Sat, 29 Aug 2009 13:33:19 -0700 From: Michael David Crawford <mdc@prgmr.com> Cc: freebsd-questions@freebsd.org Subject: Re: SUID permission on Bash script Message-ID: <4A99908F.7090804@prgmr.com> In-Reply-To: <4A9971C5.1080308@infracaninophile.co.uk> References: <beaf3aa50908280124pbd2c760v8d51eb4ae965dedc@mail.gmail.com> <87y6p4pbd0.fsf@kobe.laptop> <20090829022431.5841d4de@gumby.homeunix.com> <4A98A8A1.7070305@prgmr.com> <4a98d375.W9fcoTOIN1DqRk/3%perryh@pluto.rain.com> <20090829134436.4461d8c9@gumby.homeunix.com> <4A9971C5.1080308@infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Perhaps a better idea than a setuid shell script, would be to figure out
just what it is about your script that really needs to be executed as root.
When write a C program that can do just that one thing - and absolutely
nothing else.
If it takes any kind of input, or command line parameters, then it must
validate them very carefully, to ensure that it's not being misused.
Then your script could call that C program whenever it needs that
privileged operation performed.
Suppose you were to give the keys to your Lamborghini to a parking
attendant.
Wouldn't you want to trust that he wasn't going to sell your Lamborghini
to a chop shop?
Writing a setuid program is just like that: writing one poorly is like
handing your race car keys to a car thief.
He might not steal your car today, but if you're not careful about how
you hand out your trust, he will someday.
Mike
--
Michael David Crawford
mdc@prgmr.com
prgmr.com - We Don't Assume You Are Stupid.
Xen-Powered Virtual Private Servers: http://prgmr.com/xen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A99908F.7090804>