On Wed, Jun 27, 2007 at 12:55:15AM +0200, Roland Mainz wrote:
> Nicolas Williams wrote:
> > On Sat, Jun 23, 2007 at 12:31:28PM -0500, Nicolas Williams wrote:
> > > On Sat, Jun 23, 2007 at 12:18:05PM -0500, Nicolas Williams wrote:
> > > > Couldn't wait for ZFS delegation, so I cobbled something together; see
> > > > attachment.
> > >
> > > I forgot to slap on the CDDL header...
> > 
> > And I forgot to add a -p option here:
> > 
> > > #!/bin/ksh
> > 
> > That should be:
> > 
> > > #!/bin/ksh -p
> 
> Uhm... that's no longer needed for /usr/bin/ksh in Solaris 10 and ksh93
> never needed it.

But will ksh or ksh93 know that this script must not source $ENV?

Apparently ksh won't source it anyways; this was not clear from the man
page.

Note that in the RBAC profile for this script the script gets run with
privs=all, not euid=0, so checking that euid == uid is not sufficient.

> > Note that this script is not intended to be secure, just to keep honest
> > people honest and from making certain mistakes.  Setuid-scripts (which
> > this isn't quite) are difficult to make secure.
> 
> Uhm... why ? You only have to make sure the users can't inject
> data/code. David Korn provided some guidelines for such cases, see
> http://mail.opensolaris.org/pipermail/shell-discuss/2007-June/000493.html
> (mainly avoid "eval", put all variable expansions in quotes, set IFS= at
> the beginning of the script and harden your script against unexpected
> input (classical example is $ myscript "$(cat /usr/bin/cat)" # (e.g. the
> attempt to pass a giant binary string as argument))) ... and I am
> currently working on a new shell code style guideline at
> http://www.opensolaris.org/os/project/shell/shellstyle/ with more stuff.

As you can see the script quotes user arguments throughout.  It's
probably secure -- what I meant is that I make no guarantees about this
script :)

Nico
-- 
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
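
The guidelines quoted in the message above (no eval, quoted expansions, IFS reset, rejecting oversized or unexpected arguments), applied to one dataset-name argument. This is an added example, not the script attached to the original post and not code from the thread's authors. The function names, the 256-character limit and the character allowlist are assumptions.

```shell
#!/bin/sh
# Added example: input hardening for a privileged wrapper script.
# Names, the length limit and the allowlist are assumptions, not the original script.

MAX_ARG_LEN=256   # assumed upper bound for one dataset-name argument

# Reset inherited state that can change parsing or command lookup.
harden_env() {
    IFS=                                  # disable field splitting, as advised
    PATH=/usr/bin:/bin:/usr/sbin:/sbin    # fixed search path, not the caller's
    LC_ALL=C                              # make the bracket ranges below ASCII-only
    export PATH LC_ALL
    unset ENV CDPATH                      # no startup file, no cd surprises
}

# Return 0 only for a plausible filesystem name such as tank/home/nico.
check_dataset_arg() {
    arg=$1
    # Length first: rejects the giant-argument case before any pattern work.
    [ "${#arg}" -le "$MAX_ARG_LEN" ] || return 1
    case $arg in
        '' | -* | /* | */ | *//*) return 1 ;;   # empty, option-like, empty component
        *[!A-Za-z0-9_.:/-]*)      return 1 ;;   # any character outside the allowlist
    esac
    return 0
}

# Hypothetical entry point; the subshell body keeps the caller's IFS/PATH intact.
wrapper_main() (
    harden_env
    [ "$#" -eq 1 ] || { echo "usage: wrapper dataset" >&2; exit 2; }
    check_dataset_arg "$1" || { echo "wrapper: argument rejected" >&2; exit 1; }
    # The privileged command would run here with "$1" quoted and no eval.
    printf 'would operate on: %s\n' "$1"
)

if [ "$#" -gt 0 ]; then wrapper_main "$@"; fi
```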