
Re: couple things RedHat does well and Debian should too



On Mon, May 08, 2000 at 01:40:12AM -0800, Ethan Benson wrote:
>On Mon, May 08, 2000 at 06:54:09PM +1000, Brendan O'Dea wrote:
>> On Mon, May 08, 2000 at 03:15:54AM -0400, Decklin Foster wrote:
>> >Ethan Benson writes:
>> >> I'm not all that familiar with the way suidperl works, but why can't
>> >> it check for nosuid mount options before allowing a script located
>> >> on a nosuid filesystem to be run suid?
>> suidperl honours the nosuid flag.
>
>i just tested this and it appears that it does, [...]

>actually just testing this on my OpenBSD box this seems to be the
>case, it has no suidperl binary, [...]

>Is suidperl even needed on non-Linux systems?  The only reason I can
>think of why it's required is because the Linux kernel refuses to run
>scripts suid (though I can't quite tell if it does that to perl
>scripts).  OpenBSD happily runs shell scripts suid... AFAIK ignoring
>suid on scripts is a Linuxism.

It's not a Linux-ism; there are quite a few systems which ignore the
setuid bits on scripts.

The major problem (aside from the difficulties of writing scripts in a
secure manner) with setuid scripts is that there is a window between the
time the kernel opens the script and determines the interpreter from the
"#!" line, and the time that the interpreter opens the script from its
command line.

To ensure that the script is not changed in that window, kernels with
secure setuid script handling pass /dev/fd/n as the script name, and
write the content of the script to that handle.

The suidperl executable is a hack to emulate setuid scripts on systems
which ignore the set[ug]id bits by execing a setuid-root version of perl
when those bits are detected on the script and setting the uid/gid
appropriately.  It additionally performs a whole bunch of [hopefully
correct] checks including fstatvfs() to check for nosuid.

Regards,
-- 
Brendan O'Dea                                        bod@compusol.com.au
Compusol Pty. Limited                  (NSW, Australia)  +61 2 9809 0133
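The pattern described in the mail above, as an added example that is not part of the original message and is not suidperl's source: the wrapper opens the script once, runs its checks (fstat() for the set[ug]id bits, fstatvfs() for a nosuid mount) on the open descriptor rather than on the path, and then execs the interpreter on /dev/fd/N, so what the interpreter reads is the inode that was checked, not a fresh lookup of a path that may have been swapped in the meantime. The verdict names, the refusal of group/world-writable scripts, the omission of the optional "#!" argument and the wrapper's overall structure are this example's own assumptions, not suidperl's.

```c
/* Added example (not from the original mail, not suidperl's source): open the
 * script once, judge the open descriptor, hand that descriptor to the interpreter. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <unistd.h>

enum script_verdict {
    SCRIPT_OK,            /* honour the file's set[ug]id bits */
    SCRIPT_NO_SETID_BIT,  /* plain script: run with the caller's own ids */
    SCRIPT_OPEN_FAILED,   /* open(2), fstat(2) or fstatvfs(2) failed */
    SCRIPT_NOT_REGULAR,   /* not a regular file */
    SCRIPT_NOSUID_MOUNT,  /* filesystem mounted nosuid: bits must be ignored */
    SCRIPT_WRITABLE       /* group/world writable: anyone could swap the text */
};

/* Pure policy over facts taken with fstat()/fstatvfs() on the descriptor that
 * will actually run, never from a second lookup of the path. */
enum script_verdict judge_script(mode_t st_mode, unsigned long fs_flags)
{
    if (!S_ISREG(st_mode))                return SCRIPT_NOT_REGULAR;
    if (!(st_mode & (S_ISUID | S_ISGID))) return SCRIPT_NO_SETID_BIT;
    if (fs_flags & ST_NOSUID)             return SCRIPT_NOSUID_MOUNT;
    if (st_mode & (S_IWGRP | S_IWOTH))    return SCRIPT_WRITABLE;
    return SCRIPT_OK;
}

/* Open exactly once and judge what we hold. Unless *fd_out comes back as -1
 * the caller owns the descriptor and must close it. No O_CLOEXEC: it must
 * survive the exec so the interpreter can open /dev/fd/N. */
enum script_verdict open_and_judge(const char *path, int *fd_out, struct stat *st)
{
    struct statvfs vfs = {0};
    *fd_out = open(path, O_RDONLY);
    if (*fd_out >= 0 && (fstat(*fd_out, st) != 0 || fstatvfs(*fd_out, &vfs) != 0)) {
        close(*fd_out);
        *fd_out = -1;
    }
    return *fd_out < 0 ? SCRIPT_OPEN_FAILED : judge_script(st->st_mode, vfs.f_flag);
}

/* Read the "#!" line through the descriptor, as the kernel does at execve time,
 * and copy the interpreter path (the optional argument is left out) to interp. */
int read_shebang(int fd, char *interp, size_t len)
{
    char line[256];
    ssize_t n = lseek(fd, 0, SEEK_SET) == 0 ? read(fd, line, sizeof line - 1) : -1;
    if (n < 3 || line[0] != '#' || line[1] != '!')
        return -1;
    line[n] = '\0';
    size_t start = 2 + strspn(line + 2, " \t");
    size_t l = strcspn(line + start, " \t\r\n");
    if (l == 0 || l >= len)
        return -1;
    memcpy(interp, line + start, l);
    interp[l] = '\0';
    return 0;
}

/* Run a script the way a secure-setuid-script kernel (or suidperl) would;
 * returns only on refusal or failure. Only a root wrapper may become the file
 * owner; anything else runs with the caller's real ids, never leftover root. */
int exec_checked_script(const char *path)
{
    int fd;
    struct stat st;
    char interp[256], devfd[32];
    uid_t uid = getuid();
    gid_t gid = getgid();
    enum script_verdict v = open_and_judge(path, &fd, &st);
    if (v == SCRIPT_OPEN_FAILED)
        return -1;
    if (v == SCRIPT_OK && geteuid() == 0) {
        if (st.st_mode & S_ISUID) uid = st.st_uid;
        if (st.st_mode & S_ISGID) gid = st.st_gid;
    }
    if ((v == SCRIPT_OK || v == SCRIPT_NO_SETID_BIT) &&
        read_shebang(fd, interp, sizeof interp) == 0 &&
        snprintf(devfd, sizeof devfd, "/dev/fd/%d", fd) > 0 &&
        setgid(gid) == 0 && setuid(uid) == 0)
        /* The interpreter reopens the inode we inspected, not the path, so a
         * swap of the file between our checks and its open() changes nothing. */
        execl(interp, interp, devfd, (char *)NULL);
    close(fd);
    return -1;
}

int main(int argc, char **argv)
{
    if (argc == 2)
        exec_checked_script(argv[1]);   /* returns only on refusal or failure */
    fprintf(stderr, "usage: %s script (refused or exec failed)\n", argv[0]);
    return 1;
}
```

Built with `cc -o wrapper wrapper.c` and run unprivileged, the wrapper never changes ids and only demonstrates the descriptor hand-off; installed setuid-root it would take suidperl's role and become the script's owner when the bits may be honoured. The point of the nosuid check is visible in judge_script(): on a filesystem mounted nosuid the same 04755 script yields SCRIPT_NOSUID_MOUNT and is refused, because the bits cannot be honoured there. The example relies on the system providing /dev/fd, and it does nothing about the other half of the problem the mail mentions, writing the script itself securely.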


