Re: Guile scripts and setuid bit -> trouble

guile-user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Guile scripts and setuid bit -> trouble

From:	tomas
Subject:	Re: Guile scripts and setuid bit -> trouble
Date:	Tue, 11 Jan 2005 10:06:42 +0100
User-agent:	Mutt/1.5.3i

On Mon, Jan 10, 2005 at 04:03:48PM -0800, Roland Besserer wrote:
> 
> Naturally, I'm aware of the inherent security issues [...]

Of course. I wasn't questioning that.

What I was musing about was that maybe Solaris is doing some
dirty tricks to make the suid script (somewhat more) secure.
One of the possible approaches seems to be to pass the already-open
file descriptor to the interpreter -- maybe the interpreter (guile
in this case) doesn't `see' the first couple-of-lines of the
file? Solaris forgetting to rewind the file? Don't know.

But maybe... after all you might be better off with a wrapper
setuid (sudo or something custom-built)?

Regards
-- tomás

pgp1aHWGFGyDi.pgp
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Guile scripts and setuid bit -> trouble, Roland Besserer, 2005/01/06
- Re: Guile scripts and setuid bit -> trouble, Andy Wingo, 2005/01/07
  - Re: Guile scripts and setuid bit -> trouble, Paul Jarc, 2005/01/09
- Re: Guile scripts and setuid bit -> trouble, tomas, 2005/01/10
  - Re: Guile scripts and setuid bit -> trouble, Roland Besserer, 2005/01/10
    - Re: Guile scripts and setuid bit -> trouble, tomas <=
    - Re: Guile scripts and setuid bit -> trouble, Kevin Ryde, 2005/01/11
  - Re: Guile scripts and setuid bit -> trouble, Roland Besserer, 2005/01/10

Prev by Date: Re: SCM_LENGTH ???
Next by Date: Re: SCM_LENGTH ???
Previous by thread: Re: Guile scripts and setuid bit -> trouble
Next by thread: Re: Guile scripts and setuid bit -> trouble
Index(es):
- Date
- Thread