* Guile scripts and setuid bit -> trouble
From: Roland Besserer @ 2005-01-07 0:26 UTC

Hi,

I am having an issue running guile scripts on a Solaris 9 machine.
The script starts with the usual:

#!/usr/local/bin/guile \
-e main -s
!#

and works fine when executed. If I set the setuid bit (chmod u+s) on the
script file and try to run it I get the following error message:

ERROR: Unbound variable: !#

Anyone seen this? What's going on?

Regards
roland

_______________________________________________
Guile-user mailing list
Guile-user@gnu.org
http://lists.gnu.org/mailman/listinfo/guile-user
* Re: Guile scripts and setuid bit -> trouble
From: Andy Wingo @ 2005-01-08 2:08 UTC

Hi Roland,

Dunno if Solaris is this old, but:

On Thu, 2005-01-06 at 16:26 -0800, Roland Besserer wrote:
> #!/usr/local/bin/guile \
> -e main -s
> !#

Perhaps you need "#! /usr/local/bin/...", with the space. That's what
the portable shell section of the autoconf manual says iirc.

Dunno really, just grasping at straws.

Regards,
--
Andy Wingo
http://wingolog.org/
* Re: Guile scripts and setuid bit -> trouble
From: Paul Jarc @ 2005-01-09 7:11 UTC
Cc: guile-user

Andy Wingo <wingo@pobox.com> wrote:
> Perhaps you need "#! /usr/local/bin/...", with the space. That's what
> the portable shell section of the autoconf manual says iirc.

The autoconf manual is mistaken on that point.
http://www.in-ulm.de/~mascheck/various/shebang/#specialities

paul
* Re: Guile scripts and setuid bit -> trouble
From: tomas @ 2005-01-10 8:16 UTC
Cc: guile-user

On Thu, Jan 06, 2005 at 04:26:25PM -0800, Roland Besserer wrote:
>
> Hi,
>
> I am having an issue running guile scripts on a Solaris 9 machine.
> The script starts with the usual:
>
> #!/usr/local/bin/guile \
> -e main -s
> !#
[...]
> ERROR: Unbound variable: !#

hi,

don't know about Solaris -- but note that setuid *scripts* are
special. Done naively they are inherently insecure. Different
systems have different approaches to cope with that. Linux, for
example, just ignores the setuid bit on scripts (you can do
setuid Perl scripts, but that involves some suidperl black magic,
having a setuid Perl interpreter as one of its tasty ingredients,
yummm...). Maybe Solaris is passing an already-open file descriptor
to the shell (i.e. guile), on which the first line is ``read-off'',
so poor guile doesn't get the hash-bang at the beginning?

What happens if you append a backslash to the second line? What if
you change the last one to ``#! !#'' (looks funny, right ;-)

Regards
-- tomás
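The point tomas makes above, that set-id *scripts* behave differently on every system and are best replaced by a setuid wrapper or a sudo rule, is something an administrator would want to check for rather than discover by accident. The following is an added example, not code from any of the posts above and not part of Guile: a small Python audit that walks a directory tree and reports files that carry the setuid or setgid bit and also start with a `#!` line (set-id ELF binaries are deliberately left out). The sample tree it builds, including a file named `fix-config` with the thread's Guile header, is constructed for the demonstration; all names in the block are the example's own.

```python
"""Find set-id interpreter scripts in a directory tree (constructed example).

Set-id ELF binaries are not reported: the audit is after *scripts*, whose
setuid handling differs between Linux, Solaris and others, so that each one
can be reviewed and, where still needed, replaced by a setuid wrapper or a
sudo rule.
"""
import os
import stat
import tempfile
from typing import Dict, List, Optional


def parse_shebang_line(first: bytes) -> Optional[str]:
    """Return the interpreter named on a '#!' line, or None if `first` is not
    a shebang line.  Accepts the '#! /path' form with a space as well as
    Guile's '#!/usr/local/bin/guile \\' form (trailing backslash)."""
    if not first.startswith(b"#!"):
        return None
    parts = first[2:].split()           # first word after '#!' is the interpreter
    if not parts or parts[0] == b"\\":
        return None
    return parts[0].decode("utf-8", "replace")


def shebang_interpreter(path: str) -> Optional[str]:
    """Read the first line of `path` and hand it to parse_shebang_line."""
    try:
        with open(path, "rb") as f:
            return parse_shebang_line(f.readline(256))
    except OSError:
        return None


def classify(path: str) -> Dict[str, object]:
    """Describe one file: set-id bits from lstat (symlinks are not followed),
    owning uid, and the interpreter if the file is a regular #! script."""
    st = os.lstat(path)
    interp = shebang_interpreter(path) if stat.S_ISREG(st.st_mode) else None
    return {
        "path": path,
        "setuid": bool(st.st_mode & stat.S_ISUID),
        "setgid": bool(st.st_mode & stat.S_ISGID),
        "owner_uid": st.st_uid,
        "interpreter": interp,
    }


def find_setid_scripts(root: str) -> List[Dict[str, object]]:
    """Walk `root` and return every file that is both set-id and a #! script."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            info = classify(os.path.join(dirpath, name))
            if (info["setuid"] or info["setgid"]) and info["interpreter"]:
                findings.append(info)
    return sorted(findings, key=lambda i: str(i["path"]))


def make_demo_tree(base: str) -> str:
    """Build a constructed sample tree under `base`: a setuid Guile script
    (the header from the thread), the same script without the bit, and a
    setuid non-script.  Returns the tree's root directory."""
    root = os.path.join(base, "setid_audit_demo")
    os.makedirs(root, exist_ok=True)
    guile_header = b"#!/usr/local/bin/guile \\\n-e main -s\n!#\n(define (main args) #t)\n"
    specs = [
        ("fix-config", guile_header, 0o4755),        # setuid script: reported
        ("plain-tool", guile_header, 0o755),         # no set-id bit: ignored
        ("native-bin", b"\x7fELF\x00\x00", 0o4755),  # set-id but not a script: ignored
    ]
    for name, content, mode in specs:
        p = os.path.join(root, name)
        with open(p, "wb") as f:
            f.write(content)
        os.chmod(p, mode)                # owner may set the setuid bit on own file
    return root


def run_demo() -> List[str]:
    """Create the sample tree in a temporary directory, audit it, and return
    the base names of the files reported (the directory is removed after)."""
    with tempfile.TemporaryDirectory() as tmp:
        hits = find_setid_scripts(make_demo_tree(tmp))
        return [os.path.basename(str(h["path"])) for h in hits]


if __name__ == "__main__":
    for name in run_demo():
        print("set-id script found:", name)
```

Run it against a real tree with `find_setid_scripts("/usr/local/bin")` (or the whole host, as root, with care for the time it takes); `classify()` is kept separate from the walker so a single suspicious path can be inspected on its own. The parser only takes the first word after `#!`, which is why the thread's `#!/usr/local/bin/guile \` header still resolves to `/usr/local/bin/guile`.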
* Re: Guile scripts and setuid bit -> trouble
From: Roland Besserer @ 2005-01-11 0:03 UTC

Naturally, I'm aware of the inherent security issues but they are not a
concern in this case (isolated machine, etc.). The script is used to modify
a simple text file which has -rw------- permissions and is owned by a
separate user and group, and the script is uid root. With the script perms
-rwxr-xr-x and the test file set to -rw-rw-rw- everything works fine. If I
limit the permissions on the text file and setuid the script (-rwsr-xr-x) I
get the error.

It does work as expected on OSX (guile 1.6.4), so this appears to be Solaris
specific. This is Solaris 8/9 by the way.

Turns out that sh scripts also fail to run as setuid, but they don't give
any parse errors, they just run with the real uid. I know there is a file
system option (nosuid) but all my file systems are mounted with the enable
option (uid).

roland

p.s. By the way, I found that the guile-1.6.4 build on OSX does not support
the Posix user information calls like (cuserid).

<tomas@fabula.de> writes:
> On Thu, Jan 06, 2005 at 04:26:25PM -0800, Roland Besserer wrote:
> >
> > Hi,
> >
> > I am having an issue running guile scripts on a Solaris 9 machine.
> > The script starts with the usual:
> >
> > #!/usr/local/bin/guile \
> > -e main -s
> > !#
> [...]
> > ERROR: Unbound variable: !#
>
> hi,
>
> don't know about Solaris -- but note that setuid *scripts* are
> special. Done naively they are inherently insecure. Different
> systems have different approaches to cope with that. Linux, for
> example, just ignores the setuid bit on scripts (you can do
> setuid Perl scripts, but that involves some suidperl black magic,
> having a setuid Perl interpreter as one of its tasty ingredients,
> yummm...). Maybe Solaris is passing an already-open file descriptor
> to the shell (i.e. guile), on which the first line is ``read-off'',
> so poor guile doesn't get the hash-bang at the beginning?
>
> What happens if you append a backslash to the second line? What if
> you change the last one to ``#! !#'' (looks funny, right ;-)
>
> Regards
> -- tomás
* Re: Guile scripts and setuid bit -> trouble
From: tomas @ 2005-01-11 9:06 UTC
Cc: guile-user

On Mon, Jan 10, 2005 at 04:03:48PM -0800, Roland Besserer wrote:
>
> Naturally, I'm aware of the inherent security issues [...]

Of course. I wasn't questioning that. What I was musing about was that
maybe Solaris is doing some dirty tricks to make the suid script (somewhat
more) secure. One of the possible approaches seems to be to pass the
already-open file descriptor to the interpreter -- maybe the interpreter
(guile in this case) doesn't `see' the first couple-of-lines of the file?
Solaris forgetting to rewind the file? Don't know.

But maybe... after all you might be better off with a wrapper setuid (sudo
or something custom-built)?

Regards
-- tomás
* Re: Guile scripts and setuid bit -> trouble
From: Kevin Ryde @ 2005-01-12 0:48 UTC
Cc: guile-user

Roland Besserer <roland@motorola.com> writes:
>
> p.s. By the way, I found that the guile-1.6.4 build on OSX does not support
> the Posix user information calls like (cuserid).

It's supposed to, if they exist. The glibc manual says cuserid is
deprecated, and removed from recent posix. (The Guile manual probably ought
to say when a function, ie. a guile function, doesn't always exist.)
* Re: Guile scripts and setuid bit -> trouble
From: Roland Besserer @ 2005-01-11 1:08 UTC

There is an additional piece of information. On the Solaris 9 box I'm
running on, sh scripts require the -p flag to actually run setuid. Without
that switch, the set-uid flag in the file permission flags is ignored
because the shell will not set the effective uid/gid to the real uid/gid.
It's unclear how that affects running guile. I'd have to dig into that but
maybe someone has an immediate Eureka effect??

Regards
roland

<tomas@fabula.de> writes:
> On Thu, Jan 06, 2005 at 04:26:25PM -0800, Roland Besserer wrote:
> >
> > Hi,
> >
> > I am having an issue running guile scripts on a Solaris 9 machine.
> > The script starts with the usual:
> >
> > #!/usr/local/bin/guile \
> > -e main -s
> > !#
> [...]
> > ERROR: Unbound variable: !#
>
> hi,
>
> don't know about Solaris -- but note that setuid *scripts* are
> special. Done naively they are inherently insecure. Different
> systems have different approaches to cope with that. Linux, for
> example, just ignores the setuid bit on scripts (you can do
> setuid Perl scripts, but that involves some suidperl black magic,
> having a setuid Perl interpreter as one of its tasty ingredients,
> yummm...). Maybe Solaris is passing an already-open file descriptor
> to the shell (i.e. guile), on which the first line is ``read-off'',
> so poor guile doesn't get the hash-bang at the beginning?
>
> What happens if you append a backslash to the second line? What if
> you change the last one to ``#! !#'' (looks funny, right ;-)
>
> Regards
> -- tomás

--
Roland Besserer
Distinguished Member of Technical Staff
Motorola Broadband Communications Sector
809 11th Ave
Sunnyvale, CA 94089
+1 408 541 6608
+1 408 504 4178 GSM