Browse thread
on ocaml and set-user-id programs
-
Stefano Zacchiroli
-
Kim Nguyen
- Stefano Zacchiroli
- Richard Jones
-
Kim Nguyen
[
Home
]
[ Index:
by date
|
by threads
]
[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
| Date: | -- (:) |
| From: | Stefano Zacchiroli <zack@b...> |
| Subject: | Re: [Caml-list] on ocaml and set-user-id programs |
On Sun, Mar 27, 2005 at 12:31:57PM +0200, Kim Nguyen wrote:
> Yes. The linux kernel (and maybe other unices but i'm not sure) disable
> the setuid bit for shell scripts since it's really unsecure. Perl
> circumvents this by having a setuid binary wrapper that does some extra
> security check and launch the scripts (which inherits the privileges of
Indeed I was fooled by perl's behaviour since I made test with it and I
managed to have an effective user id of 0 on setuid perl scripts. Since
I managed to do so without passing "-U" to the interpreter I assumed
that was the "normal" behaviour. Now I've just tried with python that
works as ocaml indeed.
> > This behaviour is annoying and makes impossible to run ocaml set-user-id
> > programs where the native code compiler isn't available.
> Indeed. Maybe the ocaml distribution could provide such a wrapper.
Yes, it would be cool.
Thanks to who replied.
Cheers.
--
Stefano Zacchiroli -*- Computer Science PhD student @ Uny Bologna, Italy
zack@{cs.unibo.it,debian.org,bononia.it} -%- http://www.bononia.it/zack/
If there's any real truth it's that the entire multidimensional infinity
of the Universe is almost certainly being run by a bunch of maniacs. -!-