setuid scripts wrapper (RFC, proposal)
Sply Splyeff
lists at sply.org
Tue Apr 11 15:20:49 UTC 2006
I've uploaded suidscript.c with updates:
http://suidscript.sply.org/suidscript/suidscript.c
http://suidscript.sply.org/suidscript.tgz
Current implementation checks the safety of an interpreter path and of a script path - all nodes required to be owned by root or script owner and writable only by owner. It's a big limitation, but it works in most cases.
I've tried /dev/fd/ way, but it requires fdescfs mounted which is not common for different freebsd versions and sometimes seems a little buggy. I've included suidscript_fdesc.c which implements /dev/fd/*, but I haven't evere tested it because mount_fdescfs crashes.
More information about the freebsd-hackers
mailing list