Are setuid #!/foo/bar scripts secure in Linux ?

Darren J Moffat (darren@xarius.demon.co.uk)
Wed, 7 Aug 1996 19:18:18 +0100 (BST)


[Please note: this message has been PGP clear-signed. The signature may fail
if the mail message has been altered by a transport agent during delivery.]

-----BEGIN PGP SIGNED MESSAGE-----

- From the perlsec(1):

There are some systems on which setuid scripts are free of
this inherent security bug. For example, recent releases
of Solaris are like this. On such systems, when the
kernel passes the name of the setuid script to open to the
interpreter, rather than using a pathname subject to
mettling, it instead passes /dev/fd/3. This is a special
file already opened on the script, so that there can be no
race condition for evil scripts to exploit. On these
systems, Perl should be compiled with
-DSETUID_SCRIPTS_ARE_SECURE_NOW. The Configure program
that builds Perl tries to figure this out for itself.

Is this the case on Linux, if not can we "make it so" in the 2.1.x series?

- --
Darren J Moffat

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMgjd8EYPsalGaiUVAQEeoQP9FNdnsRzCD+cdZMDVxyhioe4oQERR34Sr
QOpf7MmzpghtyR1JWNOApAohXgl4dKNQL3XXeYC/WjfdUA4t6wDeGiepvC4WsiSg
mUI9q7xHEK0aN3ZkGIiMjRVRu6gN27yE1ptvAdwZApFgHQ1OkAKpvNMhd9QeDKH4
4TQej50bCtM=
=d5/D
-----END PGP SIGNATURE-----