Re: Capabilities done right [diff against 2.3.1]

Rogier Wolff (R.E.Wolff@BitWizard.nl)
Mon, 17 May 1999 14:29:51 +0200 (MEST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jos Hulzink: "Faster /proc access"
Previous message: Pavel Machek: "Re: Capabilities done right [diff against 2.3.1]"

Linus Torvalds wrote:
>
>
> On Sun, 16 May 1999, Pavel Machek wrote:
> >
> > Only other executables are a.out (nobody uses them these days) and
> > scripts. But take a look: we do not honour setuid bit on scripts,
> > anyway!
>
> I know. But that's not a feature - it's a misfeature forced upon us by the
> fact that "sh" was never very good at understanding security issues.
>
> Let's not use a misfeature as an argument against doing things right.

So why don't we expand #! interpretation to support this right?

How about the "API":

#!0:/bin/sh -

This opens the script on fd 0. (I'm not sure what a shell will do with
"- /bin/somescript" as the arguments).

That should eliminate the race between starting the shell (setuid) and
it opening the script.

Besides that sh still needs protection from IFS attacks, are there more
issues?

I agree that blindly adding API features is a bad idea. However here
we have a chance of fixing something right that has been broken for
years.

Roger.

-- ** R.E.Wolff@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2137555 ** *-- BitWizard writes Linux device drivers for any device you may have! --* ------ Microsoft SELLS you Windows, Linux GIVES you the whole house ------

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Jos Hulzink: "Faster /proc access"
Previous message: Pavel Machek: "Re: Capabilities done right [diff against 2.3.1]"