Return to BSD News archive
#! rnews 1684 bsd Newsgroups: comp.unix.bsd.freebsd.misc Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!nntp.coast.net!zombie.ncsc.mil!news.mathworks.com!newsfeed.internetmci.com!in2.uu.net!netlabs!lwall From: lwall@netlabs.com (Larry Wall) Subject: Re: execve() ignores shell script setuid bit Message-ID: <1996Feb7.202023.10559@netlabs.com> Reply-To: lwall@sems.com Organization: Seagate Enterprise Management Software, Cupertino, California. References: <30FEC809.167EB0E7@lasorda.princeton.edu> <DLpKsB.FF1@ritz.mordor.com> <ufn379r652.fsf@cumulus.sky.bln.sub.org> <4eunul$ggn@blob.best.net> Date: Wed, 7 Feb 1996 20:20:23 GMT Lines: 22 In article <4eunul$ggn@blob.best.net>, Matt Dillon <dillon@best.com> wrote: : :In article <ufn379r652.fsf@cumulus.sky.bln.sub.org>, : :Martin Ibert <martini@heaven7.snafu.de> wrote: : :>In article <DLpKsB.FF1@ritz.mordor.com> bet@ritz.mordor.com (Bennett Todd) writes: : :> : :>: You'll have to make an executable with a compiled language like C. You can't : :>: use perl --- it's a #!-magic scripting language. : :> : :>You can. There is a special version of perl for suid scripts : :>(suidperl) that itself is suid to root (and a "real" program). That : :>will handle all security concerns for you And if the : :>interpreter itself is suid (rather than the script), it should run alright. : : The only problem is that suidperl is too dangerous to install. That : is, unless you *want* someone to hack root on your machine... Well, that's easy to say, but I've never heard of anyone using it to hack into root anywhere. If there's a security hole in suidperl, I'd sure like to know about it. Larry Wall lwall@sems.com