From: tomas@fabula.de
Newsgroups: gmane.lisp.guile.user
Subject: Re: Guile scripts and setuid bit -> trouble
Date: Tue, 11 Jan 2005 10:06:42 +0100
Message-ID: <20050111090642.GA19962@www>
References: <20050110081618.GA15094@www>
Original-To: Roland Besserer
Cc: guile-user@gnu.org

On Mon, Jan 10, 2005 at 04:03:48PM -0800, Roland Besserer wrote:
>
> Naturally, I'm aware of the inherent security issues [...]

Of course. I wasn't questioning that. What I was musing about was that
maybe Solaris is doing some dirty tricks to make the suid script
(somewhat more) secure. One of the possible approaches seems to be to
pass the already-open file descriptor to the interpreter -- maybe the
interpreter (guile in this case) doesn't `see' the first couple-of-lines
of the file? Solaris forgetting to rewind the file? Don't know.

But maybe... after all you might be better off with a wrapper setuid
(sudo or something custom-built)?

Regards
-- tomás
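
The hypothesis raised in the message above (a descriptor handed to the interpreter without being rewound) can be reproduced with plain POSIX calls. This is an added example, not part of the original post and not Solaris or Guile code; `dup()` stands in for descriptor passing, and the script contents, temp path and function names are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample: a Guile-style script whose first two lines are the header. */
static const char SCRIPT[] = "#!/usr/bin/guile -s\n!#\n(display \"hello\")\n";

/* Read one line byte by byte so the file offset stops right after '\n'. */
static ssize_t read_line(int fd, char *buf, size_t cap)
{
    size_t n = 0;
    while (n + 1 < cap) {
        ssize_t r = read(fd, buf + n, 1);
        if (r < 0) return -1;
        if (r == 0 || buf[n++] == '\n') break;
    }
    buf[n] = '\0';
    return (ssize_t)n;
}

/* Hypothetical helper: the "exec" side reads the #! line from fd, optionally
 * rewinds, then hands a dup() of the descriptor to the "interpreter" side.
 * Stores the first line the interpreter reads in out; returns 0 on success. */
int first_line_seen_by_interpreter(int do_rewind, char *out, size_t cap)
{
    char path[] = "/tmp/fd-offset-XXXXXX";
    char shebang[128];
    int fd = mkstemp(path), passed = -1, rc = -1;
    if (fd < 0) return -1;
    unlink(path);                    /* file lives only as long as the fd */
    if (write(fd, SCRIPT, sizeof SCRIPT - 1) == (ssize_t)(sizeof SCRIPT - 1)
        && lseek(fd, 0, SEEK_SET) == 0
        && read_line(fd, shebang, sizeof shebang) > 0
        && (!do_rewind || lseek(fd, 0, SEEK_SET) == 0)
        && (passed = dup(fd)) >= 0   /* same open file description, same offset */
        && read_line(passed, out, cap) >= 0)
        rc = 0;
    if (passed >= 0) close(passed);
    close(fd);
    return rc;
}

int main(void)
{
    char line[128];
    for (int rw = 0; rw <= 1; rw++)
        if (first_line_seen_by_interpreter(rw, line, sizeof line) == 0)
            printf("rewind=%d: interpreter starts at: %s", rw, line);
    return 0;
}
```

Without the rewind the reader on the passed descriptor starts at the second line, because the offset belongs to the shared open file description rather than to each descriptor number.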