* Guile scripts and setuid bit -> trouble
From: Roland Besserer @ 2005-01-07 0:26 UTC
Hi,
I am having an issue running guile scripts on a Solaris 9 machine.
The script starts with the usual:
#!/usr/local/bin/guile \
-e main -s
!#
and works fine when executed.
If I set the setuid bit (chmod u+s) on the script file and try to run it
I get the following error message:
ERROR: Unbound variable: !#
Anyone seen this? What's going on?
Regards
roland
_______________________________________________
Guile-user mailing list
Guile-user@gnu.org
http://lists.gnu.org/mailman/listinfo/guile-user
* Re: Guile scripts and setuid bit -> trouble
From: Andy Wingo @ 2005-01-08 2:08 UTC
Hi Roland,
Dunno if Solaris is this old, but:
On Thu, 2005-01-06 at 16:26 -0800, Roland Besserer wrote:
> #!/usr/local/bin/guile \
> -e main -s
> !#
Perhaps you need "#! /usr/local/bin/...", with the space. That's what
the portable shell section of the autoconf manual says iirc. Dunno
really, just grasping at straws.
Regards,
--
Andy Wingo
http://wingolog.org/
* Re: Guile scripts and setuid bit -> trouble
From: Paul Jarc @ 2005-01-09 7:11 UTC
Cc: guile-user
Andy Wingo <wingo@pobox.com> wrote:
> Perhaps you need "#! /usr/local/bin/...", with the space. That's what
> the portable shell section of the autoconf manual says iirc.
The autoconf manual is mistaken on that point.
http://www.in-ulm.de/~mascheck/various/shebang/#specialities
paul
* Re: Guile scripts and setuid bit -> trouble
From: tomas @ 2005-01-10 8:16 UTC
Cc: guile-user
On Thu, Jan 06, 2005 at 04:26:25PM -0800, Roland Besserer wrote:
>
> Hi,
>
> I am having an issue running guile scripts on a Solaris 9 machine.
> The script starts with the usual:
>
> #!/usr/local/bin/guile \
> -e main -s
> !#
[...]
> ERROR: Unbound variable: !#
hi,
don't know about Solaris -- but note that setuid *scripts* are
special. Done naively they are inherently insecure. Different
systems have different approaches to cope with that. Linux, for
example, just ignores the setuid bit on scripts (you can do
setuid Perl scripts, but that involves some suidperl black magic,
having a setuid Perl interpreter as one of its tasty ingredients,
yummm...). Maybe Solaris is passing an already-open file descriptor
to the shell (i.e. guile), on which the first line is ``read-off'',
so poor guile doesn't get the hash-bang at the beginning?
What happens if you append a backslash to the second line? What if
you change the last one to ``#! !#'' (looks funny, right ;-)
Regards
-- tomás
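An added example, not from tomas's message or from the Guile project: a small Python audit that finds the situation he warns about, regular files carrying the setuid or setgid bit whose content begins with a "#!" interpreter line. The shebang parser also shows what the kernel actually hands the interpreter from Guile's two-line header: it parses only the first line, so guile receives the literal backslash as its first argument and reads "-e main -s" from the script itself (Guile's meta switch). The sample header is constructed from the thread; the directory default is an assumption.

```python
import os
import stat

# Constructed sample: the two-line header from the script in this thread.
GUILE_HEADER = b"#!/usr/local/bin/guile \\\n-e main -s\n!#\n"


def parse_shebang(header):
    """Split a '#!' line the way an execve() loader does: the interpreter
    plus whatever follows on that first line only. Returns (interpreter,
    args) or None when the bytes do not start with '#!'."""
    if not header.startswith(b"#!"):
        return None
    first_line = header.split(b"\n", 1)[0][2:]
    parts = first_line.split()
    if not parts:
        return None
    return parts[0].decode(errors="replace"), [p.decode(errors="replace") for p in parts[1:]]


def is_setuid_script(mode, header):
    """True for a regular file with the setuid or setgid bit whose content
    starts with an interpreter line, i.e. a setuid/setgid script."""
    if not stat.S_ISREG(mode) or not mode & (stat.S_ISUID | stat.S_ISGID):
        return False
    return parse_shebang(header) is not None


def audit_setuid_scripts(root):
    """Walk root and return (path, perms, interpreter, args) for every
    setuid or setgid script found. Symlinks and unreadable files are skipped."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
                if not stat.S_ISREG(st.st_mode):
                    continue
                with open(path, "rb") as fh:
                    header = fh.read(256)  # enough for any '#!' line
            except OSError:
                continue
            if is_setuid_script(st.st_mode, header):
                interp, args = parse_shebang(header)
                findings.append((path, oct(stat.S_IMODE(st.st_mode)), interp, args))
    return findings


if __name__ == "__main__":
    import sys
    # Assumed default directory; pass another root on the command line.
    for finding in audit_setuid_scripts(sys.argv[1] if len(sys.argv) > 1 else "/usr/local/bin"):
        print(*finding)
```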
* Re: Guile scripts and setuid bit -> trouble
From: Roland Besserer @ 2005-01-11 0:03 UTC
Naturally, I'm aware of the inherent security issues but they are not a
concern in this case (isolated machine, etc.).
The script is used to modify a simple text file which has -rw-------
permissions and is owned by a separate user and group and the script
is uid root.
With the script perms -rwxr-xr-x and the test file set to -rw-rw-rw-
everything works fine. If I limit the permissions on the text file and
setuid the script (-rwsr-xr-x) I get the error.
It does work as expected on OSX (guile 1.6.4), so this appears to be
Solaris specific. This is Solaris 8/9 by the way. Turns out that sh
scripts also fail to run as setuid, but they don't give any parse errors,
they just run with the real uid.
I know there is a file system option (nosuid) but all my file systems are
mounted with the enable option (uid).
roland
p.s. By the way, I found that the guile-1.6.4 build on OSX does not support
the POSIX user information calls like (cuserid).
* Re: Guile scripts and setuid bit -> trouble
From: Roland Besserer @ 2005-01-11 1:08 UTC
There is an additional piece of information.
On the Solaris 9 box I'm running on, sh scripts require the -p flag
to actually run setuid. Without that switch, the set-uid flag in the
file permission flags is ignored because the shell will not set the
effective uid/gid to the real uid/gid.
It's unclear how that affects running guile. I'd have to dig into that,
but maybe someone has an immediate Eureka effect??
Regards
roland
--
Roland Besserer
Distinguished Member of Technical Staff
Motorola Broadband Communications Sector
809 11th Ave
Sunnyvale, CA 94089
+1 408 541 6608
+1 408 504 4178 GSM
* Re: Guile scripts and setuid bit -> trouble
From: tomas @ 2005-01-11 9:06 UTC
Cc: guile-user
On Mon, Jan 10, 2005 at 04:03:48PM -0800, Roland Besserer wrote:
>
> Naturally, I'm aware of the inherent security issues [...]
Of course. I wasn't questioning that.
What I was musing about was that maybe Solaris is doing some
dirty tricks to make the suid script (somewhat more) secure.
One of the possible approaches seems to be to pass the already-open
file descriptor to the interpreter -- maybe the interpreter (guile
in this case) doesn't `see' the first couple-of-lines of the
file? Solaris forgetting to rewind the file? Don't know.
But maybe... after all you might be better off with a wrapper
setuid (sudo or something custom-built)?
Regards
-- tomás
* Re: Guile scripts and setuid bit -> trouble
From: Kevin Ryde @ 2005-01-12 0:48 UTC
Cc: guile-user
Roland Besserer <roland@motorola.com> writes:
>
> p.s. By the way, I found that the guile-1.6.4 build on OSX does not support
> the Posix user information calls like (cuserid).
It's supposed to, if they exist. The glibc manual says cuserid is
deprecated, and removed from recent posix.
(The Guile manual probably ought to say when a function, i.e. a guile
function, doesn't always exist.)