From: Daniel Browne <dbrowne@(email surpressed)> Subject: SUID scripts in Perl Date: Mon, 05 Apr 2010 18:56:01 -0400 |
Msg# 1929 View Complete Thread (3 articles) | All Threads Last Next |
This is a bit off topic, but I thought if anyone knew it would be you, Greg. Is there a way to do SUID perl scripts in MacOS X 10.6? I know some time ago the direct method of setting the SUID permissions bit on a script was blocked by Apple because of the security issue. Do you know of an alternative mechanism, other than resorting to C binary wrappers or sudo commands? I can't find perlsec or suidperl executables in the standard Mac install. Thanks, -Dan |
From: Greg Ercolano <erco@(email surpressed)> Subject: Re: SUID scripts in Perl Date: Mon, 05 Apr 2010 20:10:50 -0400 |
Msg# 1930 View Complete Thread (3 articles) | All Threads Last Next |
Daniel Browne wrote: > [posted to rush.general] > > This is a bit off topic, but I thought if anyone knew it would be you, Greg= > . Is there a way to do SUID perl scripts in MacOS X 10.6? I know some time = > ago the direct method of setting the SUID permissions bit on a script was b= > locked by Apple because of the security issue. Do you know of an alternativ= > e mechanism, other than resorting to C binary wrappers or sudo commands? I = > can't find perlsec or suidperl executables in the standard Mac install. It's disabled by default on ALL platforms. It's the kernel that handles the #! stuff, so to turn it on would be a kernel tweak, so I'd expect sysctl would let you control it; see 'sysctl -a | grep script' But sudo and binary C wrappers are the approach I usually use, and in the case of C wrappers, carefully perm their execution bits so that only the appropriate users can run them. -- Greg Ercolano, erco@(email surpressed) Seriss Corporation Rush Render Queue, http://seriss.com/rush/ Tel: (Tel# suppressed) Fax: (Tel# suppressed) Cel: (Tel# suppressed) |
From: Daniel Browne <dbrowne@(email surpressed)> Subject: Re: SUID scripts in Perl Date: Mon, 05 Apr 2010 21:52:14 -0400 |
Msg# 1931 View Complete Thread (3 articles) | All Threads Last Next |
That's kind of what I thought. Thanks Greg. On Apr 5, 2010, at 5:10 PM, Greg Ercolano wrote: [posted to rush.general] Daniel Browne wrote: > [posted to rush.general] > > This is a bit off topic, but I thought if anyone knew it would be you, Greg= > . Is there a way to do SUID perl scripts in MacOS X 10.6? I know some time = > ago the direct method of setting the SUID permissions bit on a script was b= > locked by Apple because of the security issue. Do you know of an alternativ= > e mechanism, other than resorting to C binary wrappers or sudo commands? I = > can't find perlsec or suidperl executables in the standard Mac install. It's disabled by default on ALL platforms. It's the kernel that handles the #! stuff, so to turn it on would be a kernel tweak, so I'd expect sysctl would let you control it; see 'sysctl -a | grep script' But sudo and binary C wrappers are the approach I usually use, and in the case of C wrappers, carefully perm their execution bits so that only the appropriate users can run them. -- Greg Ercolano, erco@(email surpressed) Seriss Corporation Rush Render Queue, http://seriss.com/rush/ Tel: (Tel# suppressed) Fax: (Tel# suppressed) Cel: (Tel# suppressed) |