setuid scripts

To: tech-userlevel%NetBSD.org@localhost
Subject: setuid scripts
From: Alan Barrett <apb%cequrux.com@localhost>
Date: Sat, 14 Feb 2009 16:24:44 +0200

On Sat, 14 Feb 2009, Aleksej Saushev wrote:
> > I think you can run setuid scripts if you build a custom kernel with
> > SETUIDSCRIPTS enabled.
> 
> Does it prevent symlink attack or simply disables the check?

AFAIK it works properly, by passing the script to the shell using an
open file descriptor, named via /dev/fd/${number}.  I have no idea why
it's disabled by default.

--apb (Alan Barrett)

Follow-Ups:
- Re: setuid scripts
  - From: Aleksej Saushev

References:
- Re: Adding a simple editor to the base system
  - From: Iain Hibbert
- Re: Adding a simple editor to the base system
  - From: David Brownlee
- Re: Adding a simple editor to the base system
  - From: D'Arcy J.M. Cain
- Re: Adding a simple editor to the base system
  - From: Aleksej Saushev
- Re: Adding a simple editor to the base system
  - From: markucz
- Re: Adding a simple editor to the base system
  - From: Aleksej Saushev

Prev by Date: Re: Adding a simple editor to the base system
Next by Date: Re: setuid scripts
Previous by Thread: Re: Adding a simple editor to the base system
Next by Thread: Re: setuid scripts
Indexes:

Home | Main Index | Thread Index | Old Index