From: Roland Besserer
Newsgroups: gmane.lisp.guile.user
Subject: Re: Guile scripts and setuid bit -> trouble
Date: 10 Jan 2005 17:08:58 -0800
Reply-To: roland@motorola.com

There is an additional piece of information.

On the Solaris 9 box I'm running on, sh scripts require the -p flag
to actually run setuid. Without that switch, the set-uid flag in the
file permission flags is ignored because the shell will not set
the effective uid/gid to the real uid/gid.

It's unclear how that affects running guile. I'd have to dig into that
but maybe someone has an immediate Eureka effect??

Regards

roland

writes:

> On Thu, Jan 06, 2005 at 04:26:25PM -0800, Roland Besserer wrote:
> >
> > Hi,
> >
> > I am having an issue running guile scripts on a Solaris 9 machine.
> > The script starts with the usual:
> >
> > #!/usr/local/bin/guile \
> > -e main -s
> > !#
> [...]
> > ERROR: Unbound variable: !#
>
> hi,
>
> don't know about Solaris -- but note that setuid *scripts* are
> special. Done naively they are inherently insecure. Different
> systems have different approaches to cope with that. Linux, for
> example, just ignores the setuid bit on scripts (you can do
> setuid Perl scripts, but that involves some suidperl black magic,
> having a setuid Perl interpreter as one of its tasty ingredients,
> yummm...). Maybe Solaris is passing an already-open file descriptor
> to the shell (i.e. guile), on which the first line is ``read-off'',
> so poor guile doesn't get the hash-bang at the beginning?
>
> What happens if you append a backslash to the second line? What if
> you change the last one to ``#! !#'' (looks funny, right ;-)
>
> Regards
> -- tomás

-- 
Roland Besserer
Distinguished Member of Technical Staff
Motorola Broadband Communications Sector
809 11th Ave
Sunnyvale, CA 94089

+1 408 541 6608
+1 408 504 4178 GSM

_______________________________________________
Guile-user mailing list
Guile-user@gnu.org
http://lists.gnu.org/mailman/listinfo/guile-user
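
The following is an added example, not part of either poster's message: a POSIX sh audit that lists files carrying the setuid or setgid bit whose first two bytes are `#!`, i.e. the setuid scripts the thread is about, together with the interpreter each one names. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: list setuid/setgid files that are scripts (start with "#!").
# Function names are hypothetical; nothing here comes from the thread.

# is_script FILE: succeed if the first two bytes of FILE are "#!".
is_script() {
    [ "$(dd if="$1" bs=2 count=1 2>/dev/null)" = "#!" ]
}

# interpreter_of FILE: print the interpreter path named on the #! line.
interpreter_of() {
    sed -n '1{s/^#![[:space:]]*//;s/[[:space:]].*$//;p;q;}' "$1"
}

# find_setid_scripts DIR: print "<mode> <interpreter> <path>" for each hit.
find_setid_scripts() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        is_script "$f" || continue          # skip compiled binaries
        mode=$(ls -ld -- "$f" | cut -d' ' -f1)
        printf '%s %s %s\n' "$mode" "$(interpreter_of "$f")" "$f"
    done
}

# Run as: sh audit.sh /usr/local/bin
if [ "$#" -gt 0 ]; then
    find_setid_scripts "$1"
fi
```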