Chris Telting <christopher...@telting.org> wrote:

> Seemed like I read that historically Unix ran the #! command
> as the suid when it executed the file. Did FreeBSD delete
> that functionality? (Otherwise how did suid scripts get the
> bad reputation if they could never execute suid.)

There have indeed been Unix (or Unix-like) systems that have implemented suid #! scripts. It did not take very long for someone to discover -- and demonstrate -- the massive security hole that they opened, which led to the capability being removed. IIUC this happened fairly early in the Berkeley era, long before FreeBSD existed as such. Thus it was a predecessor of FreeBSD, and not FreeBSD itself, from which the functionality was deleted.

It _is_ possible in principle to close that particular security hole while retaining the suid #! functionality, but it requires coordination between the kernel and the interpreter (and, in the variant I'm aware of, the introduction of a fourth standard file identifier similar to the well-known stdin, stdout, and stderr). However, even supposing that this fix is applied, how certain can we be that there are no _other_ exposures?

> I'm not exactly clear where the execute function is. I'm guessing
> that it's not the shell doing the #! interpretation but rather the
> execute function of the operating system.

Correct. The exec function examines the first block of the file that is to be executed, and determines how to execute it by recognizing particular values in particular places. When the first two bytes are #!, the characters following the #! (up to the next whitespace) identify an interpreter which is executed, the name of the script being passed to the interpreter as a parameter.

Presumably it would be possible for exec to recognize the suid bit on the script, and set the UID accordingly when executing the interpreter, but AFAIK there is no way to "configure" FreeBSD to do this; you would have to modify the kernel.

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
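The #! handling the reply describes, as an added example that is not part of the original thread or of FreeBSD's kernel: a user-space model of the exec step (read the first block, recognize the two leading bytes, take the interpreter name up to the next whitespace, append the script's own name as the last argument), plus a small audit helper that reports whether a #! script carries the setuid bit, which the reply notes FreeBSD's exec does not honor. The 512-byte "first block" size, the treatment of anything after the interpreter name on the #! line as a single optional argument, and the `audit_script` report format are assumptions of this example, not something the poster stated. The reason the reply's fix needs kernel/interpreter coordination is visible in the model: exec only passes the script's name, so the interpreter must open that name itself, separately from the file exec just inspected.

```python
import os
import stat
import tempfile
from typing import Dict, List, Optional

# Assumption: the kernel's "first block" is modelled as 512 bytes here.
FIRST_BLOCK = 512


def parse_shebang(first_block: bytes, script_path: str) -> Optional[List[str]]:
    """Return the argv exec would hand to the interpreter, or None if the
    file does not start with '#!'.

    The interpreter name runs from '#!' to the next whitespace.  Assumption
    of this example: the remainder of the #! line is passed as one optional
    argument.  The script's own path is appended last, exactly as the reply
    describes ("the name of the script being passed ... as a parameter").
    """
    if first_block[:2] != b"#!":
        return None
    line = first_block[2:].split(b"\n", 1)[0].strip()
    if not line:
        return None  # '#!' with no interpreter name: nothing to run
    parts = line.split(None, 1)
    argv = [parts[0].decode()]
    if len(parts) == 2:
        argv.append(parts[1].decode())
    argv.append(script_path)
    return argv


def audit_script(path: str) -> Dict[str, object]:
    """Defender-side check for one file: is it a #! script, and does it
    carry the setuid bit?  Because exec ignores setuid on #! scripts, a
    script with that bit set is misconfigured and worth flagging."""
    st = os.stat(path)
    with open(path, "rb") as f:
        block = f.read(FIRST_BLOCK)
    argv = parse_shebang(block, path)
    is_setuid = bool(st.st_mode & stat.S_ISUID)
    return {
        "is_script": argv is not None,
        "argv": argv,
        "setuid": is_setuid,
        "flag": argv is not None and is_setuid,
    }


def write_sample(contents: bytes, mode: int) -> str:
    """Create a constructed sample file (for demonstration only)."""
    fd, path = tempfile.mkstemp(suffix=".sh")
    with os.fdopen(fd, "wb") as f:
        f.write(contents)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    # Constructed sample: a shell script with the setuid bit set.
    sample = write_sample(b"#!/bin/sh -x\necho hello\n", 0o4755)
    try:
        print(audit_script(sample))
    finally:
        os.unlink(sample)
```

The `flag` field is the audit signal: a file that both starts with `#!` and has `S_ISUID` set is something an administrator has marked setuid that the kernel will not run setuid, so the intent behind it should be reviewed.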