Subject: Re: Setreuid in perl-4.036
To: None <cgd@alpha.bostic.com>
From: Mark P. Gooderum <mark@aggregate.com>
List: current-users
Date: 07/21/1994 17:07:09

> umm, i can't quite parse this...
>
> "it seems a major deviation from common Unix" -- what is "it"?
> SETUIDSCRIPTS? or the fact that setuid scripts don't setuid at all?

The fact that it doesn't setuid at all.

> the former probably should be documented, but i'd really rather that
> anybody who wants to use it have to look over the code, anyway.

You could document SETUIDSCRIPTS but not FDSCRIPTS and remove the automatic
contingent reply so that people can find the info easily, but then they
get a compile error and *have* to go look at the code, then you get both ;-).

> the latter is 100% standard UN*X -- normally, the set-id bits for
> scripts are ignored, because (since most un*xes don't have /dev/fd/*)
> there's no safe way to do set-id scripts.

I'm not arguing about the merits of setuid scripts, however, SunOS,
HP/UX, and Solaris (if /dev/fd isn't mounted) happily run setuid scripts
the old-fashioned way. There's a lot of holes, true, but it can be
done securely -- if the file and dir permissions are correct and you use the
"break" argument list processing option, or am I missing something else?

-Mark
------------------------------------------------------------------------------
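
Added example, not part of the original message and not code from perl or NetBSD: a Python audit of the conditions named in the message above, flagging set-id interpreter scripts that are group/world writable, that sit under a writable directory, or whose `#!` line lacks an end-of-options argument. Reading the "break" option as a trailing `-` or `--` is an assumption, as are the function name `audit` and its `top` parameter.

```python
import os
import stat
import sys

OTHERS_WRITE = stat.S_IWGRP | stat.S_IWOTH
SET_ID = stat.S_ISUID | stat.S_ISGID
END_OF_OPTIONS = ("-", "--")  # assumption: the message's "break" option


def audit(path, top="/"):
    """Return findings for a set-id script, or None if path is not one.

    Parent directories are checked from the script's directory up to `top`.
    """
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode) or not st.st_mode & SET_ID:
        return None
    with open(path, "rb") as fh:
        first = fh.readline(256)
    if not first.startswith(b"#!"):
        return None  # set-id binary, not an interpreter script
    findings = []
    if st.st_mode & OTHERS_WRITE:
        findings.append("script is group/world writable")
    words = first[2:].decode("latin-1").split()
    if len(words) < 2 or words[-1] not in END_OF_OPTIONS:
        findings.append("interpreter line has no end-of-options argument")
    d = os.path.dirname(os.path.realpath(path))
    top = os.path.realpath(top)
    while True:
        mode = os.lstat(d).st_mode
        # A sticky directory (e.g. /tmp) stops others renaming entries.
        if mode & OTHERS_WRITE and not mode & stat.S_ISVTX:
            findings.append("directory %s is group/world writable" % d)
        if d == top or d == os.path.dirname(d):
            break
        d = os.path.dirname(d)
    return findings


if __name__ == "__main__":
    # Usage: audit.py DIR...  (walks each directory, reports set-id scripts)
    for root in sys.argv[1:]:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    result = audit(path)
                except OSError:
                    continue  # unreadable or vanished file
                if result is not None:
                    print(path, "; ".join(result) or "no findings")
```

The audit covers only the permission and argument conditions listed in the message; it does not examine how the kernel hands the script to the interpreter, which is what the `/dev/fd` mechanism in the quoted text concerns.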