Browse thread
on ocaml and set-user-id programs
-
Stefano Zacchiroli
-
Kim Nguyen
-
Stefano Zacchiroli
- Richard Jones
-
Stefano Zacchiroli
- Richard Jones
-
Kim Nguyen
[
Home
]
[ Index:
by date
|
by threads
]
[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
| Date: | -- (:) |
| From: | Richard Jones <rich@a...> |
| Subject: | Re: [Caml-list] on ocaml and set-user-id programs |
On Sun, Mar 27, 2005 at 03:34:23PM +0200, Stefano Zacchiroli wrote: > On Sun, Mar 27, 2005 at 12:31:57PM +0200, Kim Nguyen wrote: > > Indeed. Maybe the ocaml distribution could provide such a wrapper. > Yes, it would be cool. There are many pitfalls to calling a setuid process (in general, not just scripts). For instance several years ago I wrote a setuid program and I was pretty sure I'd covered every base. But then I discovered that signal handler masks actually get inherited across exec(2), so if your program depends on signals, then it could fail if someone passed an unexpected signal mask. There are so many of these strange dependencies (IFS, PATH, signals, BSD resources, ...) that I like the userv[1] approach which bypasses the problems entirely. Either that, or use sudo which is at least well understood. Rich. [1] http://www.chiark.greenend.org.uk/~ian/userv/ -- Richard Jones, CTO Merjis Ltd. Merjis - web marketing and technology - http://merjis.com Team Notepad - intranets and extranets for business - http://team-notepad.com