Established method to enable suid scripts?

2011-05-10 Thread Chris Telting
I've googled for over an hour. I'm not looking to get into a discussion on security or previous bugs that are currently fixed. Suid in and of itself is a security issue. But if you are using suid it should work; I don't want to use a kludge and I don't want to use sudo. I'm hoping it's a

Re: Established method to enable suid scripts?

2011-05-10 Thread Daniel Staal
--As of May 10, 2011 5:54:04 PM -0700, Chris Telting is alleged to have said: I've googled for over an hour. I'm not looking to get into a discussion on security or previous bugs that are currently fixed. Suid in and of itself is a security issue. But if you are using suid it should work;

Re: Established method to enable suid scripts?

2011-05-10 Thread Polytropon
On Tue, 10 May 2011 21:43:43 -0400, Daniel Staal wrote: > One thought: What's the output of 'mount' for the slice you are trying to > run this script from? (Suid can be blocked on a per-mountpoint basis.) Just for terminology: You mount a partition, _not_ a slice, so mount operates on partition

Re: Established method to enable suid scripts?

2011-05-10 Thread Daniel Staal
--As of May 11, 2011 3:55:03 AM +0200, Polytropon is alleged to have said: On Tue, 10 May 2011 21:43:43 -0400, Daniel Staal wrote: One thought: What's the output of 'mount' for the slice you are trying to run this script from? (Suid can be blocked on a per-mountpoint basis.) Just for termi

Re: Established method to enable suid scripts?

2011-05-10 Thread Devin Teske
On May 10, 2011, at 5:54 PM, Chris Telting wrote: > I've googled for over an hour. > > I'm not looking to get into a discussion on security or previous bugs that > are currently fixed. Suid in and of itself is a security issue. But if you > are using suid it should work; I don't want to u

Re: Established method to enable suid scripts?

2011-05-10 Thread Chris Telting
On 05/10/2011 19:19, Devin Teske wrote: On May 10, 2011, at 5:54 PM, Chris Telting wrote: I've googled for over an hour. I'm not looking to get into a discussion on security or previous bugs that are currently fixed. Suid in and of itself is a security issue. But if you are using suid it i

Re: Established method to enable suid scripts?

2011-05-11 Thread perryh
Chris Telting wrote: > Seemed like I read that historically Unix ran the #! command > as the suid when it executed the file. Did FreeBSD delete > that functionality? (Otherwise how did suid scripts get the > bad reputation if they could never execute suid.) There have indeed been Unix (or Unix

Re: Established method to enable suid scripts?

2011-05-11 Thread Riaan Kruger
Here is some information on what perl does: http://www.washington.edu/perl5man/pod/perlsec.html Also there is an option (not chosen by default) in the perl port to enable setuid. Riaan

Re: Established method to enable suid scripts?

2011-05-11 Thread Jonathan McKeown
On Wednesday 11 May 2011 04:19:29 Devin Teske wrote: > > The reason that the suid bit doesn't work on scripts (shell, perl, or > otherwise) is because these are essentially text files that are interpreted > by their associated interpreter. It is the interpreter itself that must be > suid. I'm pret

Re: Established method to enable suid scripts?

2011-05-11 Thread Jerry McAllister
On Tue, May 10, 2011 at 05:54:04PM -0700, Chris Telting wrote: > I've googled for over an hour. > > I'm not looking to get into a discussion on security or previous bugs > that are currently fixed. Suid in and of itself is a security issue. > But if you are using suid it should work; I don

Re: Established method to enable suid scripts?

2011-05-11 Thread Alejandro Imass
On Wed, May 11, 2011 at 10:14 AM, Jerry McAllister wrote: > On Tue, May 10, 2011 at 05:54:04PM -0700, Chris Telting wrote: > >> I've googled for over an hour. As others have said suiding on scripts is not allowed in modern versions of Unix. What I do for example, is create small C programs suid th

Re: Established method to enable suid scripts?

2011-05-11 Thread Greg Larkin
On 5/11/11 12:31 PM, Alejandro Imass wrote: > On Wed, May 11, 2011 at 10:14 AM, Jerry McAllister wrote: >> On Tue, May 10, 2011 at 05:54:04PM -0700, Chris Telting wrote: >> >>> I've googled for over an hour. > > As others have said suiding on scripts

Re: Established method to enable suid scripts?

2011-05-12 Thread Chris Telting
On 05/11/2011 07:14, Jerry McAllister wrote: On Tue, May 10, 2011 at 05:54:04PM -0700, Chris Telting wrote: I've googled for over an hour. I'm not looking to get into a discussion on security or previous bugs that are currently fixed. Suid in and of itself is a security issue. But if you are

Re: Established method to enable suid scripts?

2011-05-12 Thread Jerry McAllister
On Thu, May 12, 2011 at 07:13:50AM -0700, Chris Telting wrote: > On 05/11/2011 07:14, Jerry McAllister wrote: > >On Tue, May 10, 2011 at 05:54:04PM -0700, Chris Telting wrote: > > > >>I've googled for over an hour. > >> > >>I'm not looking to get into a discussion on security or previous bugs > >>

Re: Established method to enable suid scripts?

2011-05-12 Thread Jonathan McKeown
On Thursday 12 May 2011 16:13:50 Chris Telting wrote: > On 05/11/2011 07:14, Jerry McAllister wrote: > > On Tue, May 10, 2011 at 05:54:04PM -0700, Chris Telting wrote: > >> I've googled for over an hour. > >> > >> I'm not looking to get into a discussion on security or previous bugs > >> that are c

Re: Established method to enable suid scripts?

2011-05-12 Thread Chris Telting
On 05/12/2011 07:57, Jonathan McKeown wrote: On Thursday 12 May 2011 16:13:50 Chris Telting wrote: On 05/11/2011 07:14, Jerry McAllister wrote: On Tue, May 10, 2011 at 05:54:04PM -0700, Chris Telting wrote: I've googled for over an hour. I'm not looking to get into a discussion on security or

Re: Established method to enable suid scripts?

2011-05-13 Thread Jonathan McKeown
On Thursday 12 May 2011 17:26:49 Chris Telting wrote: > On 05/12/2011 07:57, Jonathan McKeown wrote: > > > > I'll say that again. It is inherently insecure to run an interpreted > > program set-uid, because the filename is opened twice and there's no > > guarantee that someone hasn't changed the co

Re: Established method to enable suid scripts?

2011-05-13 Thread krad
On 13 May 2011 08:32, Jonathan McKeown wrote: > On Thursday 12 May 2011 17:26:49 Chris Telting wrote: > > On 05/12/2011 07:57, Jonathan McKeown wrote: > > > > > > I'll say that again. It is inherently insecure to run an interpreted > > > program set-uid, because the filename is opened twice and t

Re: Established method to enable suid scripts?

2011-05-13 Thread Chris Telting
On 05/13/2011 00:32, Jonathan McKeown wrote: On Thursday 12 May 2011 17:26:49 Chris Telting wrote: On 05/12/2011 07:57, Jonathan McKeown wrote: I'll say that again. It is inherently insecure to run an interpreted program set-uid, because the filename is opened twice and there's no guarantee tha

Re: Established method to enable suid scripts?

2011-05-13 Thread Chris Telting
On 05/13/2011 01:32, krad wrote: what I can't understand is the complete aversion to sudo. Could you shed any light on why you are trying to avoid a tried and tested method. That I freely admit is for no rational reason. It's just annoying. But let me ask you.. is "sudo ping" acceptable? Please

Re: Established method to enable suid scripts?

2011-05-13 Thread krad
On 13 May 2011 11:07, Chris Telting wrote: > On 05/13/2011 01:32, krad wrote: > >> what I can't understand is the complete aversion to sudo. Could you shed >> any light on why you are trying to avoid a tried and tested method. >> > > That I freely admit is for no rational reason. It's just annoyin

Re: Established method to enable suid scripts?

2011-05-13 Thread Pan Tsu
Chris Telting writes: > On 05/13/2011 01:32, krad wrote: >> what I can't understand is the complete aversion to sudo. Could you >> shed any light on why you are trying to avoid a tried and tested >> method. > > That I freely admit is for no rational reason. It's just annoying. But ...a shebang ca

Re: Established method to enable suid scripts?

2011-05-13 Thread krad
C On Friday, 13 May 2011, Pan Tsu wrote: > Chris Telting writes: > >> On 05/13/2011 01:32, krad wrote: >>> what I can't understand is the complete aversion to sudo. Could you >>> shed any light on why you are trying to avoid a tried and tested >>> method. >> >> That I freely admit is for no ratio

Re: Established method to enable suid scripts?

2011-05-13 Thread Alejandro Imass
On Fri, May 13, 2011 at 6:07 AM, Chris Telting wrote: > On 05/13/2011 01:32, krad wrote: [...] > me ask you.. is "sudo ping" acceptable? Please explain the logical reason > why not. It would be the preferred method if suid didn't exist and sudo was > part of the base system. The sudo versus suid

Re: Established method to enable suid scripts?

2011-05-13 Thread perryh
Chris Telting wrote: > let me ask you.. is "sudo ping" acceptable? Please explain the > logical reason why not. It would be the preferred method if suid > didn't exist and sudo was part of the base system. Without suid there would be no sudo ;) Part of the reason for ping being suid is historic

Re: Established method to enable suid scripts?

2011-05-14 Thread Randal L. Schwartz
> "Pan" == Pan Tsu writes: Pan> ...a shebang can be written with sudo in mind, e.g. Pan> #! /usr/bin/env -S sudo sh Pan> id (Untested) why not just "#!/usr/local/bin/sudo" ? It'll be given the filename as an argument. Aside: In general, almost every use of "#!/usr/bin/env XXX" as a so

Re: Established method to enable suid scripts?

2011-05-14 Thread Alejandro Imass
On Sat, May 14, 2011 at 3:09 PM, Randal L. Schwartz wrote: >> "Pan" == Pan Tsu writes: [...] > (Untested) why not just "#!/usr/local/bin/sudo" ?  It'll be given the > filename as an argument. Precisely. I think this thread should be forked to something like "suid versus sudo for scripts"?

Re: Established method to enable suid scripts?

2011-05-15 Thread Chris Telting
On 05/13/2011 14:34, Alejandro Imass wrote: On Fri, May 13, 2011 at 6:07 AM, Chris Telting wrote: On 05/13/2011 01:32, krad wrote: [...] me ask you.. is "sudo ping" acceptable? Please explain the logical reason why not. It would be the preferred method if suid didn't exist and sudo was part

Re: Established method to enable suid scripts?

2011-05-15 Thread Randal L. Schwartz
> "Chris" == Chris Telting writes: Chris> I honestly tried when I posted the question to avoid the question Chris> of right or wrong. I simply have one opinion for my own need and Chris> preference and don't want to go into rigid detail and did not Chris> mean to reopen the issue. I simply wa

Re: Established method to enable suid scripts?

2011-05-15 Thread krad
On 15 May 2011 15:30, Randal L. Schwartz wrote: > > "Chris" == Chris Telting writes: > > Chris> I honestly tried when I posted the question to avoid the question > Chris> of right or wrong. I simply have one opinion for my own need and > Chris> preference and don't want to go into rigid deta

Re: Established method to enable suid scripts?

2011-05-19 Thread Scott Bennett
On Wed, 11 May 2011 11:59:48 +0200 Jonathan McKeown wrote: >On Wednesday 11 May 2011 04:19:29 Devin Teske wrote: >> >> The reason that the suid bit doesn't work on scripts (shell, perl, or >> otherwise) is because these are essentially text files that are interpreted >> by their associated in