Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.eng.convex.com!newshost.convex.com!newsgate.duke.edu!news.mathworks.com!gatech!usenet.eel.ufl.edu!spool.mu.edu!howland.reston.ans.net!EU.net!main.Germany.EU.net!Dortmund.Germany.EU.net!interface-business.de!usenet
From: j@ida.interface-business.de (J Wunsch)
Newsgroups: comp.unix.bsd.bsdi.misc
Subject: Re: Setuid
Date: 3 Jul 1996 07:55:11 GMT
Organization: interface business GmbH, Dresden
Lines: 20
Message-ID: <4rd90v$bug@innocence.interface-business.de>
References: <61a7cc$c1438.2d6@news>
Reply-To: joerg_wunsch@interface-business.de (Joerg Wunsch)
NNTP-Posting-Host: ida.interface-business.de
X-Newsreader: knews 0.9.6
X-Phone: +49-351-31809-14
X-Fax: +49-351-3361187
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E

mury@goldengate.net (Mury) wrote:

(setuid programs)

> It will run the perl script "newadd.pl", which runs the adduser,
> edquota, etc. code. Thanks.

Better yet, get a fixed version of the suidperl setuid Perl wrapper
(see the recent CERT advisory), and run your script with this one.

The advantage is that suidperl does so-called ``taint checking'', in
an attempt to prevent you from the more obvious mistakes you could
make when designing setuid programs. (For example, it complains loudly
and refuses to run the script if it forks off a shell for some
purpose, or it doesn't allow you to use arbitrary user input for
the creation of file names.)

--
J"org Wunsch                                  Unix support engineer
joerg_wunsch@interface-business.de    http://www.interface-business.de/~j
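
The taint checking mentioned in the post above, as an added example that is not part of the original post or of newadd.pl: the interpreter refuses to pass user-supplied data to a command until a strict pattern match has cleared it. The login-name policy, the sample inputs and the `/bin/echo` stand-in for adduser are assumptions made for illustration; Perl turns taint mode on by itself when a script runs setuid, and `-T` enables it here for an ordinary run.

```perl
#!/usr/bin/perl -T
# Added example (not from the original post). Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length but tainted string, used to mark the constructed samples below
# as if they had arrived from the invoking user (the substr idiom from perlsec).
my $TAINT = substr(join('', values %ENV), 0, 0);

# The caller's environment is tainted too: pin PATH and drop shell-affecting
# variables, otherwise system()/exec() abort with "Insecure $ENV{PATH}".
$ENV{PATH} = '/usr/sbin:/usr/bin:/sbin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# A regex capture is what clears the taint flag, so the pattern has to be a
# strict allow-list (hypothetical policy: 1-8 characters, lowercase start).
sub untaint_login {
    my ($raw) = @_;
    return $raw =~ /\A([a-z][a-z0-9]{0,7})\z/ ? $1 : undef;
}

# Stand-in for the privileged step. List-form system() never starts a shell;
# /bin/echo is used so the example changes nothing on the system.
sub run_adduser {
    my ($login) = @_;
    return system('/bin/echo', 'would run: adduser', $login) == 0;
}

# Constructed sample inputs, not taken from the post.
for my $sample ('mury', 'x; echo hi', '../../etc/passwd', 'Root') {
    my $raw = $sample . $TAINT;
    printf "%-20s tainted=%d\n", "'$sample'", tainted($raw) ? 1 : 0;

    # Handing the raw value to a command is refused by the interpreter itself.
    eval { run_adduser($raw); 1 } or print "  raw value refused: $@";

    my $login = untaint_login($raw);
    if (defined $login) { run_adduser($login) }
    else                { print "  rejected by allow-list\n" }
}
```

Every sample is refused in raw form with "Insecure dependency in system"; only `mury` passes the allow-list and reaches the stand-in command.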