From owner-freebsd-questions  Mon Jun 16 10:25:11 1997
Return-Path: <owner-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id KAA17347
          for questions-outgoing; Mon, 16 Jun 1997 10:25:11 -0700 (PDT)
Received: from whqvax.picker.com (whqvax.picker.com [144.54.1.1])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id KAA17334
          for <questions@freebsd.org>; Mon, 16 Jun 1997 10:25:02 -0700 (PDT)
Received: from ct.picker.com by whqvax.picker.com with SMTP;
          Mon, 16 Jun 1997 13:24:23 -0400 (EDT)
Received: from elmer.ct.picker.com ([144.54.57.34]) by ct.picker.com (4.1/SMI-4.1)
	id AA00534; Mon, 16 Jun 97 13:24:21 EDT
Received: by elmer.ct.picker.com (SMI-8.6/SMI-SVR4)
	id NAA13974; Mon, 16 Jun 1997 13:22:55 -0400
Message-Id: <19970616132255.62171@ct.picker.com>
Date: Mon, 16 Jun 1997 13:22:55 -0400
From: Randall Hopper <rhh@ct.picker.com>
To: Steve Hovey <shovey@buffnet.net>
Cc: questions@freebsd.org
Subject: Re: Set execution UID on script -- A Question
References: <01BC75C2.A3B27CA0.ellis@kcc.com> <Pine.BSI.3.95.970611092114.9324C-100000@buffnet11.buffnet.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.76
In-Reply-To: <Pine.BSI.3.95.970611092114.9324C-100000@buffnet11.buffnet.net>; from Steve Hovey on Wed, Jun 11, 1997 at 09:21:25AM -0400
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

 |Shell scripts cant be suid for security reasons.

Are there any inherent problems with the setuid scheme used on Solaris
boxes (aside from logic problems introduced by the script writer)?  If not,
we might consider switching to that method.  Seems like part of the
differences involve the passing of the name of the script to the
interpreter via /dev/fd/3 rather than passing a pathname on the
command-line.

To write setuid scripts on Solaris one simply uses:

  "#!/bin/sh -p" or "#!/bin/csh -fb" 

at the top of scripts, where:

     SH:
          -p         If the -p flag is present, the shell will not set
                    the  effective user and group IDs to the real user
                    and group IDs.

     CSH:
          -b         Force a break from option processing.  Subsequent
                    command  line  arguments  are not interpreted as C
                    shell options.  This allows the passing of options
                    to a script without confusion.  The shell does not
                    run set-user-ID  or  set-group-ID  scripts  unless
                    this option is present.

          -f         Fast start. Read neither the .cshrc file, nor the
                    .login file (if a login shell) upon startup.

Of course, its up to the script writer to be sensible in writing the
script, as in Perl (e.g. override PATH, etc.).  But setuid perl is
supported, so that's not really an issue.

Randall Hopper