
Re: user access to network scripts



On Mon, May 11, 1998 at 06:02:17PM +0300, Tuvik Beker wrote:

> Each time such a switch is made, the interface should be brought down,
> then up again with new parameters.
> 
> Up to this point there's no special difficulty. The problem is that the
> whole procedure should be made not only by the superuser, but by a wide
> group of users, possibly all users. The system is physically secured, so
> generally security is considered a secondary issue on it, but this is an
> extreme case.
> I have to allow users to perform the procedure, but would like to
> minimize the changes to permissions of system files. 

How generic is the operation? Can you have two scripts that take no
command-line input whatsoever, with all the parameters hardcoded?

Iff so (and if the parameters aren't going to need much maintenance)
I think you may be safe with suidperl. However, make sure you:
	- use perl5.004-4 (older ones had buffer overruns)
	- read perlsec(1) carefully
	- stay tuned to security updates

Also, consider using the small c wrapper (I think it's inside the perlsec
page). suid scripts will always be problematic.

And, that said, also consider whether writing the whole thing in c isn't
too bad. The work itself doesn't sound too complex, and a statically
linked c program can give you peace of mind you just can't get from scripts.

Further references:
	Writing Safe Setuid Programs
	http://olympus.cs.ucdavis.edu/~bishop/secprog.html

	Designing secure software
	http://www.sun.com/sunworldonline/swol-04-1998/swol-04-security.html?040198i


Hope this helps.

--
seeing is believing
gaal@forum2.org
http://www.forum2.org/gaal/
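
Added example (not part of the original message, and not the wrapper from the perlsec page): a minimal setuid C program of the kind suggested above, taking no command-line input, with every parameter hardcoded and a fixed environment. The interface name, address, netmask and the /sbin/ifconfig path are assumed placeholders.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Assumed placeholders: tool path, interface, address and netmask. */
static char *const CLEAN_ENV[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };
static char *const DOWN_CMD[] = { "/sbin/ifconfig", "eth0", "down", NULL };
static char *const UP_CMD[]   = { "/sbin/ifconfig", "eth0", "192.0.2.10",
                                  "netmask", "255.255.255.0", "up", NULL };

/* The procedure takes no input: anything beyond argv[0] is refused. */
int args_acceptable(int argc) { return argc == 1; }

/* Run one fixed command by absolute path, without a shell, passing only
 * CLEAN_ENV so nothing from the caller's environment reaches the child.
 * Returns the child's exit status, or -1 on failure or abnormal exit. */
int run_fixed(char *const argv[]) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execve(argv[0], argv, CLEAN_ENV);
        _exit(127);                      /* exec failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv) {
    (void)argv;
    if (!args_acceptable(argc)) {
        fprintf(stderr, "this program takes no arguments\n");
        return 2;
    }
    /* Installed setuid root: make the real uid match the effective uid
     * so the child tools see one consistent identity. */
    if (setuid(geteuid()) != 0) { perror("setuid"); return 1; }
    if (run_fixed(DOWN_CMD) != 0) return 1;   /* bring interface down */
    return run_fixed(UP_CMD) != 0;            /* up with new parameters */
}
```

One such binary per hardcoded configuration keeps user input out of the privileged path entirely; access can be limited further with group ownership and mode 4750 on the binary.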