[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Guile scripts and setuid bit -> trouble
From: |
tomas |
Subject: |
Re: Guile scripts and setuid bit -> trouble |
Date: |
Tue, 11 Jan 2005 10:06:42 +0100 |
User-agent: |
Mutt/1.5.3i |
On Mon, Jan 10, 2005 at 04:03:48PM -0800, Roland Besserer wrote:
>
> Naturally, I'm aware of the inherent security issues [...]
Of course. I wasn't questioning that.
What I was musing about was that maybe Solaris is doing some
dirty tricks to make the suid script (somewhat more) secure.
One of the possible approaches seems to be to pass the already-open
file descriptor to the interpreter -- maybe the interpreter (guile
in this case) doesn't `see' the first couple-of-lines of the
file? Solaris forgetting to rewind the file? Don't know.
But maybe... after all you might be better off with a wrapper
setuid (sudo or something custom-built)?
Regards
-- tomás
pgp1aHWGFGyDi.pgp
Description: PGP signature