Jonathan McKeown <[email protected]> writes:

> On Thursday 23 July 2009 20:28:52 Lowell Gilbert wrote:
>> That's clever, but how would it work in practice, while common shells
>> and scripting languages may not implement their side of it?
>
> http://www.in-ulm.de/~mascheck/various/shebang/ claims that it's been
> implemented, in exactly the way described, in Solaris, OpenBSD and NetBSD
> (albeit as a kernel compile-time option in the latter two). (It's apparently
> also in IRIX and UnixWare).
>
> Given OpenBSD's admirable paranoia about security (hey, I'm a sysadmin: I
> never ask myself if I'm being paranoid, but if I'm being paranoid enough!)
> I'd have thought they would have explored the implications fully.

They don't enable it by default, and they don't seem to recommend it.

> Certainly other stuff knows about it. As I said yesterday, Perl describes the
> problem in its perlsec manpage/perldoc. The perl interpreter even has a
> build-time option, SETUID_SCRIPTS_ARE_SECURE_NOW - and the correct setting is
> supposedly detected as part of configure.

The problem I'm wondering about is that it doesn't matter what knows
about it as long as there's an interpreter that *doesn't*. Anything
that opens a script parameter on its own (there are other vulnerable
approaches, but one's enough) will be insecure. I may well be missing
something, of course.

> There may well be some problems to overcome, but this doesn't appear to be
> unexplored territory.

Not entirely, but there may well be a reason it's never been in common
use.

- Lowell

