Version française
Home     About     Download     Resources     Contact us    
Browse thread
on ocaml and set-user-id programs
[ Home ] [ Index: by date | by threads ]
[ Search: ]

[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
Date: -- (:)
From: Stefano Zacchiroli <zack@b...>
Subject: Re: [Caml-list] on ocaml and set-user-id programs
On Sun, Mar 27, 2005 at 12:31:57PM +0200, Kim Nguyen wrote:
> Yes. The linux kernel (and maybe other unices but i'm not sure) disable
> the setuid bit for shell scripts since it's really unsecure. Perl
> circumvents this by having a setuid binary wrapper that does some extra
> security check and launch the scripts (which inherits the privileges of

Indeed I was fooled by perl's behaviour since I made test with it and I
managed to have an effective user id of 0 on setuid perl scripts. Since
I managed to do so without passing "-U" to the interpreter I assumed
that was the "normal" behaviour. Now I've just tried with python that
works as ocaml indeed.

> > This behaviour is annoying and makes impossible to run ocaml set-user-id
> > programs where the native code compiler isn't available. 
> Indeed. Maybe the ocaml distribution could provide such a wrapper.

Yes, it would be cool.

Thanks to who replied.
Cheers.

-- 
Stefano Zacchiroli -*- Computer Science PhD student @ Uny Bologna, Italy
zack@{cs.unibo.it,debian.org,bononia.it} -%- http://www.bononia.it/zack/
If there's any real truth it's that the entire multidimensional infinity
of the Universe is almost certainly being run by a bunch of maniacs. -!-