From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Paul Eggert Newsgroups: gmane.emacs.bugs Subject: bug#12632: file permissions checking mishandled when setuid Date: Sat, 20 Oct 2012 19:52:22 -0700 Organization: UCLA Computer Science Department Message-ID: <50836366.6080600@cs.ucla.edu> References: <5078CAB6.7020509@cs.ucla.edu> <83a9vq7oqh.fsf@gnu.org> <507A58CC.10209@cs.ucla.edu> <83fw5h5yo6.fsf@gnu.org> <507B010F.20105@cs.ucla.edu> <831uh06gqd.fsf@gnu.org> <507B15B0.2040802@cs.ucla.edu> <83txtw4xmk.fsf@gnu.org> <507B2354.3030408@cs.ucla.edu> <83sj9g4vy7.fsf@gnu.org> <507BAA6C.2000601@cs.ucla.edu> <83lif74p78.fsf@gnu.org> <507C823D.40304@cs.ucla.edu> <83d30j3wqg.fsf@gnu.org> <507CF802.6000305@cs.ucla.edu> <83a9vm4bmv.fsf@gnu.org> <50818763.80501@cs.ucla.edu> <83wqymz4me.fsf@gnu.org> <5081A1DF.9000009@cs.ucla.edu> <5081ABD6.9060002@cs.ucla.edu> <23r4osd2f9.fsf@fencepost.gnu.org> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Trace: ger.gmane.org 1350788014 21245 80.91.229.3 (21 Oct 2012 02:53:34 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sun, 21 Oct 2012 02:53:34 +0000 (UTC) Cc: 12632@debbugs.gnu.org To: Glenn Morris Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sun Oct 21 04:53:41 2012 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1TPlfT-0000Yj-Mq for geb-bug-gnu-emacs@m.gmane.org; Sun, 21 Oct 2012 04:53:35 +0200 Original-Received: from localhost ([::1]:60552 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TPlfM-0000Yk-D8 for geb-bug-gnu-emacs@m.gmane.org; Sat, 20 Oct 2012 22:53:28 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:34703) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TPlfK-0000YU-0O for bug-gnu-emacs@gnu.org; Sat, 20 Oct 2012 22:53:26 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1TPlfI-0000XH-QD for bug-gnu-emacs@gnu.org; Sat, 20 Oct 2012 22:53:25 -0400 Original-Received: from debbugs.gnu.org ([140.186.70.43]:43430) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TPlfI-0000XD-N2 for bug-gnu-emacs@gnu.org; Sat, 20 Oct 2012 22:53:24 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.72) (envelope-from ) id 1TPlgs-0004WN-G8 for bug-gnu-emacs@gnu.org; Sat, 20 Oct 2012 22:55:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Paul Eggert Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 21 Oct 2012 02:55:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 12632 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: security patch Original-Received: via spool by 12632-submit@debbugs.gnu.org id=B12632.135078804917306 (code B ref 12632); Sun, 21 Oct 2012 02:55:02 +0000 Original-Received: (at 12632) by debbugs.gnu.org; 21 Oct 2012 02:54:09 +0000 Original-Received: from localhost ([127.0.0.1]:53681 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1TPlg0-0004V5-KS for submit@debbugs.gnu.org; Sat, 20 Oct 2012 22:54:08 -0400 Original-Received: from smtp.cs.ucla.edu ([131.179.128.62]:49536) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1TPlfw-0004UY-No for 12632@debbugs.gnu.org; Sat, 20 Oct 2012 22:54:05 -0400 Original-Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp.cs.ucla.edu (Postfix) with ESMTP id 7D587A60001; Sat, 20 Oct 2012 19:52:20 -0700 (PDT) X-Virus-Scanned: amavisd-new at smtp.cs.ucla.edu Original-Received: from smtp.cs.ucla.edu ([127.0.0.1]) by localhost (smtp.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hhFlyykIzxQd; Sat, 20 Oct 2012 19:52:20 -0700 (PDT) Original-Received: from [192.168.1.3] (pool-108-23-119-2.lsanca.fios.verizon.net [108.23.119.2]) by smtp.cs.ucla.edu (Postfix) with ESMTPSA id 2601139E8105; Sat, 20 Oct 2012 19:52:20 -0700 (PDT) User-Agent: Mozilla/5.0 (X11; Linux i686; rv:16.0) Gecko/20121011 Thunderbird/16.0.1 In-Reply-To: <23r4osd2f9.fsf@fencepost.gnu.org> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:65809 Archived-At: On 10/20/2012 06:44 PM, Glenn Morris wrote: > I thought setuid shell scripts were not supported on most UNIXs? Yes, nowadays it's typically disabled, but there are obvious workarounds and people use them. They'll create a tiny executable that is setuid, which turns around and invokes the script. It's not something one would recommend for highly secure environments, but that doesn't mean it doesn't happen.