Date: Tue, 11 Mar 2003 11:07:29 +0100 From: Ruben de Groot <fbsd-q@bzerk.org> To: Ryan Thompson <ryan@sasknow.com> Cc: Paul Lathrop <plathrop@mqtweb.com>, freebsd-questions@FreeBSD.ORG Subject: Re: your mail Message-ID: <20030311100729.GA95889@ei.bzerk.org> In-Reply-To: <20030311004832.R34446-100000@ren.sasknow.com> References: <5E789B70-538D-11D7-9C72-000393BF3DE2@mqtweb.com> <20030311004832.R34446-100000@ren.sasknow.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Mar 11, 2003 at 01:09:23AM -0600, Ryan Thompson typed: > Paul Lathrop wrote to Ryan Thompson: > > > > I'd also like to remind the original poster about the security > > > risks associated with suid binaries. There are many subtle ways in > > > which suid binaries can bite one in the ass... especially where > > > other local users are present. > > > > Is just learning Perl an option here? Perl scripts aren't binaries - > > to my understanding at least. > > Correct. They're interpreted scripts, just like shell scripts. The > only difference is, they're fed through /usr/bin/perl instead of > /bin/sh. The operating system doesn't distinguish between them. > > > Will they also be denied by the OS? > > Yes. True. But there is the suidperl binary to circumvent this. If your /usr/bin/suidperl is suid root (which it is not by default I believe), perl will honor the suid or sgid bits on your perlscripts. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030311100729.GA95889>