| ) Hi, I am just trying to compile perl5.000 on my linux box (Slackware 1.2),
| ) and Configure guesses that setuid #! scripts are not secure, with the
| ) reasoning that the /dev/fd directory is missing???
| ) I might be ignorant, but what does /dev/fd have to do with #! scripts?
| So, how do you think SUID scripts became secure?
| ) any enlightenment anywhere?
| Did you read this part of the code in Configure?
| Yeah, I know, when dist makes Configure it doesn't
| include any of the comments.
| SUID shell scripts are insecure on systems where
| $ head -1 hole
| $ ./hole
| results in something like
| $ /bin/sh ./hole
| (but with a different UID).
| The kernel sees that "./hole" is SUID but by
| the time /bin/sh gets into memory and looks
| up "./hole" it could have been replaced, via
| mv, by some other code (and so "./hole" isn't
| SUID anymore but /bin/sh doesn't recheck this).
| As far as I know (having Configure test for
| secure SUID scripts is brand new), kernels
| with not-known-to-be-insecure (I won't say
| "secure") SUID scripts do something more like:
| $ exec 3<./hole
| Check if opened file is SUID, if so
| $ /bin/sh /dev/fd/3
| so that we know that the file tested for SUID
| and the script /bin/sh opens are really the
| same [since opening /dev/fd/3 just dup()s the
| already-open file descriptor 3].
| If you would like the message reworded somehow,
| please offer any suggestions you have.
Ah, one never stops learning. Now I wonder. Since my Linux doesn't
have /dev/fd, it has no secure SUID #!?
| Nothing is obvious unless you are overlooking something
Mathias Koerber Tel: +65 / 778 00 66 x 29
SW International Systems Pte Ltd Fax: +65 / 777 94 01
S'pore 0511 <A HREF=http://www.swi.com.sg/public/personal/mk.html>MK</A>
The Vatican has the highest population of popes: 5.2 / m^2