Message-ID: <4DCBFC39.8060900@telting.org>
Date: Thu, 12 May 2011 08:26:49 -0700
From: Chris Telting
To: Jonathan McKeown
Cc: freebsd-questions@freebsd.org
Subject: Re: Established method to enable suid scripts?

On 05/12/2011 07:57, Jonathan McKeown wrote:
> On Thursday 12 May 2011 16:13:50 Chris Telting wrote:
>> On 05/11/2011 07:14, Jerry McAllister wrote:
>>> On Tue, May 10, 2011 at 05:54:04PM -0700, Chris Telting wrote:
>>>> I've googled for over an hour.
>>>>
>>>> I'm not looking to get into a discussion on security or previous bugs
>>>> that are currently fixed. Suid in and of itself is a security issue.
>>>> But if you are using suid it should work; I don't want to use a
>>>> kludge and I don't want to use sudo. I'm hoping it's a setting that is
>>>> just disabled by default.
>>> My understanding is that in general the system does not allow SUID
>>> on scripts. The way I have gotten around that (a long time ago)
>>> was to create a small binary that exec's the script and making
>>> the binary SUID.
>> Well it's all hacks and in my not so humble opinion like chasing your
>> tail. The assumption is that if someone creates an executable
>> (assumption is programming in C) they are more credible not to make
>> mistakes. That's a fallacy and just plain nuts. And I'm an interpreted
>> language snob saying that. Suid is either allowable or not and should
>> be a sysctl and apply equally to binaries and scripts. Yet another
>> thing to add to my project list. Anyone know of an established patch
>> to fix this FreeBSD issue or am I yet again going to have to create my
>> own?
> Have you appreciated the issue with suid on scripts? It's nothing at all to do
> with whether someone writing a compiled language is a better programmer than
> someone writing an interpreted language.
>
> When the OS launches a binary, the file containing the program is opened once.
>
> When the OS launches an interpreted program, the file is opened once to find
> out which interpreter to run, and then the interpreter is told to re-open the
> same filename - whose contents might meanwhile have changed.
>
> I'll say that again. It is inherently insecure to run an interpreted program
> set-uid, because the filename is opened twice and there's no guarantee that
> someone hasn't changed the contents of the file addressed by that name
> between the first and second open.
>
> It's one thing to tell people they need to be careful with suid because it has
> security implications. Deliberately introducing a well-known security hole
> into the system would in my view be dangerous and wrong.

That race condition bug was fixed in ancient times. Before FreeBSD or Linux ever existed I believe. It's a meme that just won't die. People accepted mediocrity in old commercial versions of Unix. I personally am unsatisfied by kludges.
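
The double open described in the quoted reply, handled inside the kind of small wrapper binary mentioned earlier in the thread, as an added example that is not part of the original message or of FreeBSD: the script is opened once, checked through its descriptor with fstat, and handed to the interpreter as /dev/fd/N. The script path, interpreter, trusted owner (root) and function names are assumptions, and /dev/fd/N must be available (on FreeBSD, fdescfs mounted on /dev/fd).

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example. SCRIPT and INTERP are hypothetical placeholders. */
#define SCRIPT "/usr/local/libexec/example-task.sh"
#define INTERP "/bin/sh"

/* Open the script once and validate the descriptor, not the name.
 * Returns an fd on success, -1 if the file must not be run privileged. */
int open_script_once(const char *path, uid_t trusted_owner)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW); /* reject a symlink as last component */
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||                 /* regular file only */
        st.st_uid != trusted_owner ||           /* owned by the trusted account */
        (st.st_mode & (S_IWGRP | S_IWOTH))) {   /* not group- or world-writable */
        close(fd);
        return -1;
    }
    return fd;
}

/* Name given to the interpreter: it refers to the file that was checked,
 * so replacing the original path afterwards changes nothing. */
int fd_path(int fd, char *buf, size_t len)
{
    int n = snprintf(buf, len, "/dev/fd/%d", fd);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

int main(void)
{
    char name[32];
    int fd = open_script_once(SCRIPT, 0);       /* assumption: script owned by root */
    if (fd < 0 || fd_path(fd, name, sizeof name) != 0) {
        fprintf(stderr, "refusing to run %s\n", SCRIPT);
        return 1;
    }
    char *const argv[] = { INTERP, name, NULL };
    char *const envp[] = { "PATH=/bin:/usr/bin", NULL }; /* fixed environment */
    execve(INTERP, argv, envp);                 /* fd stays open across exec */
    perror("execve");
    return 127;
}
```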