
Re: Allowing users to execute shell scripts without seeing password

From: Michael Haddon <m.haddon_at_comcast.net>
Date: Sun, 19 Feb 2006 07:00:11 -0600
Message-ID: <43F86BDB.2000402@comcast.net>




  
  


There is nothing magic about perl that would solve the security
issues that come up when using a 'setuid' bit on the executable. The
setuid capability is a Unix capability and not one specific to the
shell. A setuid script has its risks if it is written in perl, ksh,
bash, awk, tcl/tk, or whatever. It just needs to handle any security
issues, if they exist, in the code.

Most scripts really don't need the setuid bit; those that do can use the 'trap' in the shell to handle any post-signal processing. One example of this can be found in the /etc/profile script that is executed by everyone that logs into a Unix system. Part of the login process executes this script to set up a system-wide default environment.

The beginning of the script uses the trap command to set up signals that need to be handled and the end of the script releases the trap.

My point is that sometimes the setuid bit can help accomplish a task that would otherwise take some considerable time to design and code. You just have to be aware of its use and test it thoroughly.

Hope this helps
Mike

Mladen Gogala wrote:
On 02/18/2006 11:38:01 PM, Joseph Amalraj wrote:
  
After doing some reading, I agree that setting suid for shell scripts poses 
security risks. Probably the solution is not to use Shell, but something else like Perl.
    

So, if switching UID is dangerous with a shell script, it will somehow be 
rendered harmless if you use Perl, which allows all kinds of programming 
tricks and hacks?


  
-- http://www.freelists.org/webpage/oracle-l Received on Sun Feb 19 2006 - 07:00:11 CST
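
The trap pattern described in the message above (signals held off at the start of the script, released at the end), as an added example that is not part of the original message. The function names, the scratch file and the simulated interrupt are constructed for illustration.

```shell
#!/bin/sh
# Added example: hold off signals around a sensitive section, then release them.
# run_guarded, cleanup, demo_step and the scratch file are hypothetical names.
umask 077                       # scratch files are readable by the owner only

SCRATCH=""                      # path of the scratch file, empty when none exists
GUARD_STATUS=""                 # exit status of the guarded step

cleanup() {
    # Remove the scratch file if it still exists.
    if [ -n "$SCRATCH" ]; then rm -f "$SCRATCH"; fi
    SCRATCH=""
}

run_guarded() {
    # $1 = name of a function to run while signals are held off.
    # Start of the sensitive section: ignore hangup, interrupt and quit so the
    # caller cannot break out half way and leave the scratch file behind.
    trap '' HUP INT QUIT
    # TERM is not ignored; clean up and stop instead.
    trap 'cleanup; exit 143' TERM

    SCRATCH=$(mktemp "${TMPDIR:-/tmp}/guarded.XXXXXX") || {
        trap - HUP INT QUIT TERM
        return 1
    }
    "$1" "$SCRATCH"
    GUARD_STATUS=$?

    # End of the sensitive section: remove the file, then release the traps so
    # the signals get their default behaviour back.
    cleanup
    trap - HUP INT QUIT TERM
    return "$GUARD_STATUS"
}

# Constructed stand-in for the real work; the value written is sample data.
demo_step() {
    DEMO_PATH=$1
    printf 'constructed-secret\n' > "$1"
    kill -INT $$                # simulated Ctrl-C, ignored inside the section
    DEMO_SEEN=$(cat "$1")       # still reached because INT was ignored
}

run_guarded demo_step
```
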
