guile-user

Re: Guile scripts and setuid bit -> trouble


From: Roland Besserer
Subject: Re: Guile scripts and setuid bit -> trouble
Date: 10 Jan 2005 17:08:58 -0800
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3

There is an additional piece of information.

On the Solaris 9 box I'm running on, sh scripts require the -p flag
to actually run setuid. Without that switch, the set-uid flag in the 
file permission flags is ignored because the shell will not set the
effective uid/gid to the real uid/gid.

It's unclear how that affects running guile. I'd have to dig into that
but maybe someone has an immediate Eureka effect??

Regards

roland


<address@hidden> writes:

> On Thu, Jan 06, 2005 at 04:26:25PM -0800, Roland Besserer wrote:
> > 
> > Hi,
> > 
> > I am having an issue running guile scripts on a Solaris 9 machine.
> > The script starts with the usual:
> > 
> > #!/usr/local/bin/guile \
> > -e main -s
> > !#
> [...]
> > ERROR: Unbound variable: !#
> 
> hi,
> 
> don't know about Solaris -- but note that setuid *scripts* are
> special. Done naively they are inherently insecure. Different
> systems have different approaches to cope with that. Linux, for
> example, just ignores the setuid bit on scripts (you can do
> setuid Perl scripts, but that involves some suidperl black magic,
> having a setuid Perl interpreter as one of its tasty ingredients,
> yummm...). Maybe Solaris is passing an already-open file descriptor
> to the shell (i.e. guile), on which the first line is ``read-off'',
> so poor guile doesn't get the hash-bang at the beginning?
> 
> What happens if you append a backslash to the second line? What if
> you change the last one to ``#! !#'' (looks funny, right ;-)
> 
> Regards
> -- tomás

-- 
Roland Besserer
Distinguished Member of Technical Staff
Motorola Broadband Communications Sector
809 11th Ave
Sunnyvale, CA 94089
+1 408 541 6608
+1 408 504 4178 GSM
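
An audit sketch for the point raised in the quoted reply, that setuid scripts are treated differently from system to system and are insecure when done naively: it lists files that carry the setuid or setgid bit and start with `#!`. This is an added example, not part of the thread; the function name `find_setuid_scripts` is an assumption of the example.

```shell
#!/bin/sh
# find_setuid_scripts DIR   (hypothetical helper name, added example)
#
# Print every regular file under DIR that has the setuid or setgid bit set
# AND begins with "#!", i.e. an interpreter script rather than a native
# binary. Output is one line per hit: <path><TAB><interpreter line>.
# Limitation: paths containing newlines are not handled.
find_setuid_scripts() {
    dir=${1:-.}
    # -perm -4000 matches setuid, -perm -2000 matches setgid.
    # -xdev keeps the walk on the starting filesystem.
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        # Only the first two bytes decide whether the kernel treats the
        # file as a script.
        magic=$(head -c 2 "$f" 2>/dev/null)
        if [ "$magic" = '#!' ]; then
            # Show which interpreter would be started for this file.
            interp=$(head -n 1 "$f" | cut -c3-)
            printf '%s\t%s\n' "$f" "$interp"
        fi
    done
}

# Run stand-alone as: sh thisfile.sh /usr/local/bin
if [ "$#" -gt 0 ]; then
    find_setuid_scripts "$1"
fi
```

Each hit is a candidate for replacement by a small compiled wrapper or a sudo rule, since whether the bit is honoured at all depends on the operating system and the interpreter.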



