[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Guile scripts and setuid bit -> trouble
|
From: |
tomas |
|
Subject: |
Re: Guile scripts and setuid bit -> trouble |
|
Date: |
Mon, 10 Jan 2005 09:16:18 +0100 |
|
User-agent: |
Mutt/1.5.3i |
On Thu, Jan 06, 2005 at 04:26:25PM -0800, Roland Besserer wrote:
>
> Hi,
>
> I am having an issue running guile scripts on a Solaris 9 machine.
> The script starts with the usual:
>
> #!/usr/local/bin/guile \
> -e main -s
> !#
[...]
> ERROR: Unbound variable: !#
hi,
don't know about Solaris -- but note that setuid *scripts* are
special. Done naively they are inherently insecure. Different
systems have different approaches to cope with that. Linux, for
example, just ignores the setuid bit on scripts (you can do
setuid Perl scripts, but that involves some suidperl black magic,
having a setuid Perl interpreter as one of its tasty ingredients,
yummm...). Maybe Solaris is passing an already-open file descriptor
to the shell (i.e. guile), on which the first line is ``read-off'',
so poor guile doesn't get the hash-bang at the beginning?
What happens if you append a backslash to the second line? What if
you change the last one to ``#! !#'' (looks funny, right ;-)
Regards
-- tomás
pgpigEqL_Zq7T.pgp
Description: PGP signature