[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Guile scripts and setuid bit -> trouble

From: tomas
Subject: Re: Guile scripts and setuid bit -> trouble
Date: Tue, 11 Jan 2005 10:06:42 +0100
User-agent: Mutt/1.5.3i

On Mon, Jan 10, 2005 at 04:03:48PM -0800, Roland Besserer wrote:
> Naturally, I'm aware of the inherent security issues [...]

Of course. I wasn't questioning that.

What I was musing about was that maybe Solaris is doing some
dirty tricks to make the suid script (somewhat more) secure.
One of the possible approaches seems to be to pass the already-open
file descriptor to the interpreter -- maybe the interpreter (guile
in this case) doesn't `see' the first couple-of-lines of the
file? Solaris forgetting to rewind the file? Don't know.

But maybe... after all you might be better off with a wrapper
setuid (sudo or something custom-built)?

-- tomás

Attachment: pgp1aHWGFGyDi.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]