Subject: Re: SETUIDSCRIPTS problem...
To: None <sam@epita.fr>
From: Chris G. Demetriou <cgd@sibyte.com>
List: netbsd-users
Date: 12/28/2000 14:08:09
sam@epita.fr (Sam) writes:
> > I have a tcsh setuid script and the right option in the kernel
> > (SETUIDSCRIPTS), and when I launch it I get this error:
> >
> > /dev/fd/3: Bad file descriptor.
> >
> > the script should be setuid to root and executed as nobody.

This is not documented anywhere other than in the source, but then I
don't recall having documented SETUIDSCRIPTS and FDSCRIPTS, either.
8-) In a nutshell, "you've gotta use a reasonable shell for set-id
scripts (and exec-only scripts)." If you wish the documentation to be
updated, I suggest you send a PR about it (preferably with patch).

From the comment in the source (exec_script.c):

	/*
	 * if the script isn't readable, or it's set-id, then we've
	 * gotta supply a "/dev/fd/..." for the shell to read.
	 * Note that stupid shells (csh) do the wrong thing, and
	 * close all open fd's when the start. That kills this
	 * method of implementing "safe" set-id and x-only scripts.
	 */

tcsh appears to be, in this way, as stupid as csh.

I used this code only while writing it, and for a short while
afterward. In that time, however, our 'sh' did the right thing.
(wow, 6+ years ago.) I'd guess that our sh still does the right
thing, though.

Note also that there are some (including myself) who would say that
csh (or a csh derivative) is the wrong scripting language to be
writing any kind of shell script in. If you want more info on that,
try:

	http://www.landfield.com/faqs/unix-faq/shell/csh-whynot/

(These days, 'sh' is pretty much standardized by POSIX and perhaps
other standards, but alas not every system's /bin/sh is that standard
shell. On some, e.g. Solaris, it's ksh. On others, who knows. 8-)

chris
--
not speaking for my employer, of course.
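
The failure described in the message above can be reproduced in user space. The following is an added example, not code from the original post or from NetBSD: the parent stands in for the kernel by opening a constructed script and handing the child only the name /dev/fd/N, and the child stands in for the shell, optionally closing every inherited descriptor at startup the way the comment says csh does. The function name, temp file path and the 3..255 close range are assumptions; the errno reported for the failed open differs between systems.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns the number of bytes the "shell" read through /dev/fd/N,
 * -1 if it could not open /dev/fd/N, -2 on a setup error.
 * close_fds_first != 0 models a shell that closes all inherited
 * descriptors above stderr before it opens its script argument. */
int read_script_via_devfd(int close_fds_first)
{
    char tmpl[] = "/tmp/fdscript-XXXXXX";          /* constructed sample */
    const char *body = "#!/bin/sh\necho hello\n";  /* 21 bytes */
    int wfd = mkstemp(tmpl);
    if (wfd < 0) return -2;
    if (write(wfd, body, strlen(body)) < 0) { close(wfd); return -2; }
    close(wfd);

    int fd = open(tmpl, O_RDONLY);  /* the descriptor left open for the shell */
    if (fd < 0) { unlink(tmpl); return -2; }

    pid_t pid = fork();
    if (pid == 0) {                 /* child: plays the interpreter */
        char name[32], buf[64];
        snprintf(name, sizeof name, "/dev/fd/%d", fd);
        if (close_fds_first)
            for (int i = 3; i < 256; i++) close(i);
        int sfd = open(name, O_RDONLY);   /* fails once fd is closed */
        if (sfd < 0) _exit(255);
        ssize_t n = read(sfd, buf, sizeof buf);
        _exit(n < 0 ? 255 : (int)n);
    }
    close(fd);
    int status = 0, ok = pid > 0 && waitpid(pid, &status, 0) == pid;
    unlink(tmpl);
    if (!ok || !WIFEXITED(status)) return -2;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    printf("descriptors kept:   %d\n", read_script_via_devfd(0));
    printf("descriptors closed: %d\n", read_script_via_devfd(1));
    return 0;
}
```
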