On Wed, Jun 27, 2007 at 12:55:15AM +0200, Roland Mainz wrote:
> Nicolas Williams wrote:
> > On Sat, Jun 23, 2007 at 12:31:28PM -0500, Nicolas Williams wrote:
> > > On Sat, Jun 23, 2007 at 12:18:05PM -0500, Nicolas Williams wrote:
> > > > Couldn't wait for ZFS delegation, so I cobbled something together; see
> > > > attachment.
> > >
> > > I forgot to slap on the CDDL header...
> >
> > And I forgot to add a -p option here:
> >
> > > #!/bin/ksh
> >
> > That should be:
> >
> > > #!/bin/ksh -p
>
> Uhm... that's no longer needed for /usr/bin/ksh in Solaris 10 and ksh93
> never needed it.

But will ksh or ksh93 know that this script must not source $ENV?
Apparently ksh won't source it anyways; this was not clear from the man
page.

Note that in the RBAC profile for this script the script gets run with
privs=all, not euid=0, so checking that euid == uid is not sufficient.

> > Note that this script is not intended to be secure, just to keep honest
> > people honest and from making certain mistakes. Setuid-scripts (which
> > this isn't quite) are difficult to make secure.
>
> Uhm... why? You only have to make sure the users can't inject
> data/code. David Korn provided some guidelines for such cases, see
> http://mail.opensolaris.org/pipermail/shell-discuss/2007-June/000493.html
> (mainly avoid "eval", put all variable expansions in quotes, set IFS= at
> the beginning of the script and harden your script against unexpected
> input (classical example is $ myscript "$(cat /usr/bin/cat)" # (e.g. the
> attempt to pass a giant binary string as argument))) ... and I am
> currently working on a new shell code style guideline at
> http://www.opensolaris.org/os/project/shell/shellstyle/ with more stuff.

As you can see the script quotes user arguments throughout. It's
probably secure -- what I meant is that I make no guarantees about this
script :)

Nico
--
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
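
The hardening points listed in the quoted reply above (no eval, quoted expansions, IFS set at the top, bounded input), as an added example that is not from this thread or from the attached script. The function names, the 256-byte limit and the allowed character set are assumptions.

```shell
#!/bin/sh
# Added illustration; not the script attached to this thread.
# Start from a known state before touching any user input.
IFS=                      # assumption: empty IFS, so no field splitting at all
LC_ALL=C; export LC_ALL   # byte-wise lengths and ASCII-only ranges
MAX_ARG_LEN=256           # hypothetical upper bound for one argument

# check_arg VALUE: return 0 if VALUE may be passed on, 1 otherwise.
check_arg() {
    [ "$#" -eq 1 ] || return 1
    # Length bound: rejects empty input and the "giant string" case.
    [ "${#1}" -ge 1 ] && [ "${#1}" -le "$MAX_ARG_LEN" ] || return 1
    case $1 in
        -*) return 1 ;;                       # would be parsed as an option
        *[!A-Za-z0-9_./:@-]*) return 1 ;;     # anything outside the allowlist
    esac
    return 0
}

# run_checked CMD ARG...: validate every ARG, then run CMD with the
# arguments as separate quoted words. No eval, nothing is re-parsed.
run_checked() {
    cmd=$1
    shift
    for a in "$@"; do
        check_arg "$a" || { echo "rejected argument" >&2; return 2; }
    done
    "$cmd" "$@"
}

# Constructed sample inputs: a plain name and one with a shell metacharacter.
for sample in 'tank/home/nico' 'tank/home;id'; do
    if run_checked echo "$sample" 2>/dev/null; then :; else echo "rejected"; fi
done
```

The rejection message never echoes the offending argument, so binary input is not written back to the terminal or a log.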