Re: setuid scripts

To: tech-userlevel%netbsd.org@localhost
Subject: Re: setuid scripts
From: Aleksej Saushev <asau%inbox.ru@localhost>
Date: Sat, 14 Feb 2009 18:41:01 +0300

Alan Barrett <apb%cequrux.com@localhost> writes:

> On Sat, 14 Feb 2009, Aleksej Saushev wrote:
>> > I think you can run setuid scripts if you build a custom kernel with
>> > SETUIDSCRIPTS enabled.
>> 
>> Does it prevent symlink attack or simply disables the check?
>
> AFAIK it works properly, by passing the script to the shell using an
> open file descriptor, named via /dev/fd/${number}.  I have no idea why
> it's disabled by default.

Any reason to keep it disabled?


-- 
CKOPO BECHA...
   CKOPO CE3OH...

Follow-Ups:
- Re: setuid scripts
  - From: Christos Zoulas

References:
- Re: Adding a simple editor to the base system
  - From: Iain Hibbert
- Re: Adding a simple editor to the base system
  - From: David Brownlee
- Re: Adding a simple editor to the base system
  - From: D'Arcy J.M. Cain
- Re: Adding a simple editor to the base system
  - From: Aleksej Saushev
- Re: Adding a simple editor to the base system
  - From: markucz
- Re: Adding a simple editor to the base system
  - From: Aleksej Saushev
- setuid scripts
  - From: Alan Barrett

Prev by Date: setuid scripts
Next by Date: Re: Adding a simple editor to the base system
Previous by Thread: setuid scripts
Next by Thread: Re: setuid scripts
Indexes:

Home | Main Index | Thread Index | Old Index