Re: setuid scripts

To: tech-userlevel%netbsd.org@localhost
Subject: Re: setuid scripts
From: christos%astron.com@localhost (Christos Zoulas)
Date: Sat, 14 Feb 2009 18:31:36 +0000 (UTC)

In article <87r62158mq.fsf%inbox.ru@localhost>, Aleksej Saushev  
<asau%inbox.ru@localhost> wrote:
>Alan Barrett <apb%cequrux.com@localhost> writes:
>
>> On Sat, 14 Feb 2009, Aleksej Saushev wrote:
>>> > I think you can run setuid scripts if you build a custom kernel with
>>> > SETUIDSCRIPTS enabled.
>>> 
>>> Does it prevent symlink attack or simply disables the check?
>>
>> AFAIK it works properly, by passing the script to the shell using an
>> open file descriptor, named via /dev/fd/${number}.  I have no idea why
>> it's disabled by default.
>
>Any reason to keep it disabled?

People who write setuid shell scripts usually don't know what they are doing?

christos

Follow-Ups:
- Re: setuid scripts
  - From: Aleksej Saushev
- Re: setuid scripts
  - From: David Laight

References:
- Re: Adding a simple editor to the base system
  - From: Iain Hibbert
- Re: Adding a simple editor to the base system
  - From: Aleksej Saushev
- setuid scripts
  - From: Alan Barrett
- Re: setuid scripts
  - From: Aleksej Saushev

Prev by Date: Re: Input line editing
Next by Date: Re: setuid scripts
Previous by Thread: Re: setuid scripts
Next by Thread: Re: setuid scripts
Indexes:

Home | Main Index | Thread Index | Old Index