From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Delivered-To: caml-list@yquem.inria.fr Received: from nez-perce.inria.fr (nez-perce.inria.fr [192.93.2.78]) by yquem.inria.fr (Postfix) with ESMTP id 1D0E3BC48 for ; Sun, 27 Mar 2005 15:34:28 +0200 (CEST) Received: from pauillac.inria.fr (pauillac.inria.fr [128.93.11.35]) by nez-perce.inria.fr (8.13.0/8.13.0) with ESMTP id j2RDYRcs019157 for ; Sun, 27 Mar 2005 15:34:27 +0200 Received: from concorde.inria.fr (concorde.inria.fr [192.93.2.39]) by pauillac.inria.fr (8.7.6/8.7.3) with ESMTP id PAA00260 for ; Sun, 27 Mar 2005 15:34:27 +0200 (MET DST) Received: from ms005msg.fastwebnet.it (ms005msg.fastwebnet.it [213.140.2.50]) by concorde.inria.fr (8.13.0/8.13.0) with ESMTP id j2RDYRiT009329 for ; Sun, 27 Mar 2005 15:34:27 +0200 Received: from fistandantilus.takhisis.org (37.10.140.106) by ms005msg.fastwebnet.it (7.2.052.3) id 41FFB24D00AE167A for caml-list@inria.fr; Sun, 27 Mar 2005 15:34:26 +0200 Received: by fistandantilus.takhisis.org (Postfix, from userid 3148) id D016627405C; Sun, 27 Mar 2005 15:34:23 +0200 (CEST) Date: Sun, 27 Mar 2005 15:34:23 +0200 From: Stefano Zacchiroli To: Inria Ocaml Mailing List Subject: Re: [Caml-list] on ocaml and set-user-id programs Message-ID: <20050327133423.GA10496@fistandantilus.takhisis.org> Mail-Followup-To: Inria Ocaml Mailing List References: <20050327100145.GA9332@fistandantilus.takhisis.org> <1111919517.14376.7.camel@localhost.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1111919517.14376.7.camel@localhost.localdomain> User-Agent: Mutt/1.5.6+20040907i X-Miltered: at nez-perce with ID 4246B663.000 by Joe's j-chkmail (http://j-chkmail.ensmp.fr)! X-Miltered: at concorde with ID 4246B663.000 by Joe's j-chkmail (http://j-chkmail.ensmp.fr)! X-Spam: no; 0.00; zacchiroli:01 caml-list:01 ocaml:01 unices:01 binary:01 perl's:01 ocaml:01 compiler:01 cheers:01 zacchiroli:01 unibo:01 zack:01 zack:01 wrote:01 behaviour:01 X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on yquem.inria.fr X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=disabled version=3.0.2 X-Spam-Level: On Sun, Mar 27, 2005 at 12:31:57PM +0200, Kim Nguyen wrote: > Yes. The linux kernel (and maybe other unices but i'm not sure) disable > the setuid bit for shell scripts since it's really unsecure. Perl > circumvents this by having a setuid binary wrapper that does some extra > security check and launch the scripts (which inherits the privileges of Indeed I was fooled by perl's behaviour since I made test with it and I managed to have an effective user id of 0 on setuid perl scripts. Since I managed to do so without passing "-U" to the interpreter I assumed that was the "normal" behaviour. Now I've just tried with python that works as ocaml indeed. > > This behaviour is annoying and makes impossible to run ocaml set-user-id > > programs where the native code compiler isn't available. > Indeed. Maybe the ocaml distribution could provide such a wrapper. Yes, it would be cool. Thanks to who replied. Cheers. -- Stefano Zacchiroli -*- Computer Science PhD student @ Uny Bologna, Italy zack@{cs.unibo.it,debian.org,bononia.it} -%- http://www.bononia.it/zack/ If there's any real truth it's that the entire multidimensional infinity of the Universe is almost certainly being run by a bunch of maniacs. -!-