|
|
Run SUID shell scripts safely
Sure, and OS X uses the file descriptor mechanism.
SUID scripts are still unsafe in OS/X
The suggestion that "modern unices" are not vulnerable to the suid #! script race condition because they pass an open fd to the script may or may not be true (based on other messages here, "modern unix" usually means "versions of Linux I am familiar with"), but it doesn't apply to OS/X. If you'll page back through the previous articles in this hint, you'll find my documentation of a sucessful exploit of this race condition to get a root shell prompt on OS/X 10.3.9. Please, don't use analogies with other versions of UNIX to make generalization about OS/X: analogies are useful in generating hypotheses, but the hypotheses still need to be tested! |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysNo new commentsLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.08 seconds |
|