Subject: Re: Some general questions (xdm)
To: None <ws@kurt.tools.de>
From: Sergio Monesi <msergio@mbox.vol.it>
List: port-arm32
Date: 01/08/1997 19:05:18
In message <199701061516.QAA29502@kurt.tools.de> you wrote:
> > I believe there are a lot of ways to make shell SUID scripts secure, at
> > least there are for other Unix fashions (including SUN-OS/Solaris which
> > says it all...). Is this limitation a RiscBSD thing or is it a NetBSD
> > problem and will it be fixed?
> While you CAN make setuid scripts work on NetBSD/RiscBSD (just add an
> "options SETUIDSCRIPTS" to your configuration), those CANNOT be made secure
> in any sense of the word.
Why isn't this option included by default in the distributed kernel? There
are no SUID scripts in the NetBSD distribution and if a (super)user wants to
create such a thing he should know that there are potential security
problems... In my case, for example, I would keep this file in the directory
of the user 'sergio' so that nobody else will ever run this 'dangerous' file
anyway...
I'd like to compile my own kernel but I still haven't understood how to get
the latest kernel sources (considering that my RiscBSD machine is never
connected with Internet) without getting *all* the NetBSD stuff for other
platforms as well (which will make the archive a bit difficult to transfer
via floppy!).
> Things like redefining IFS come to mind.
The kernel should be aware of this problem and fix it (or the various shells
may check themselves).
Cheers,
Sergio
--
Sergio Monesi...
char *email[]={"msergio@mbox.vol.it","sergio@freebsd.first.gmd.de"};
char *www[]={"http://cdc8g5.cdc.polimi.it/~pel0015/"};
// Huh? My keyboard doesn't have an "any" key...