From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Delivered-To: caml-list@yquem.inria.fr Received: from concorde.inria.fr (concorde.inria.fr [192.93.2.39]) by yquem.inria.fr (Postfix) with ESMTP id F108DBC48 for ; Sun, 27 Mar 2005 17:33:53 +0200 (CEST) Received: from pauillac.inria.fr (pauillac.inria.fr [128.93.11.35]) by concorde.inria.fr (8.13.0/8.13.0) with ESMTP id j2RFXrr0020005 for ; Sun, 27 Mar 2005 17:33:53 +0200 Received: from concorde.inria.fr (concorde.inria.fr [192.93.2.39]) by pauillac.inria.fr (8.7.6/8.7.3) with ESMTP id RAA02692 for ; Sun, 27 Mar 2005 17:33:53 +0200 (MET DST) Received: from furbychan.cocan.org (furbychan.cocan.org [80.68.91.176]) by concorde.inria.fr (8.13.0/8.13.0) with ESMTP id j2RFXqbo019999 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Sun, 27 Mar 2005 17:33:53 +0200 Received: from rich by furbychan.cocan.org with local (Exim 3.35 #1 (Debian)) id 1DFZlw-0005r5-00 for ; Sun, 27 Mar 2005 16:33:52 +0100 Date: Sun, 27 Mar 2005 16:33:52 +0100 To: Inria Ocaml Mailing List Subject: Re: [Caml-list] on ocaml and set-user-id programs Message-ID: <20050327153352.GA22455@furbychan.cocan.org> References: <20050327100145.GA9332@fistandantilus.takhisis.org> <1111919517.14376.7.camel@localhost.localdomain> <20050327133423.GA10496@fistandantilus.takhisis.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050327133423.GA10496@fistandantilus.takhisis.org> User-Agent: Mutt/1.3.28i From: Richard Jones X-Miltered: at concorde with ID 4246D261.001 by Joe's j-chkmail (http://j-chkmail.ensmp.fr)! X-Miltered: at concorde with ID 4246D260.001 by Joe's j-chkmail (http://j-chkmail.ensmp.fr)! X-Spam: no; 0.00; caml-list:01 ocaml:01 zacchiroli:01 ocaml:01 pitfalls:01 handler:01 dependencies:01 notepad:01 ifs:98 ...:98 wrote:01 wrote:01 inherited:03 unexpected:03 ian:03 X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on yquem.inria.fr X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=disabled version=3.0.2 X-Spam-Level: On Sun, Mar 27, 2005 at 03:34:23PM +0200, Stefano Zacchiroli wrote: > On Sun, Mar 27, 2005 at 12:31:57PM +0200, Kim Nguyen wrote: > > Indeed. Maybe the ocaml distribution could provide such a wrapper. > Yes, it would be cool. There are many pitfalls to calling a setuid process (in general, not just scripts). For instance several years ago I wrote a setuid program and I was pretty sure I'd covered every base. But then I discovered that signal handler masks actually get inherited across exec(2), so if your program depends on signals, then it could fail if someone passed an unexpected signal mask. There are so many of these strange dependencies (IFS, PATH, signals, BSD resources, ...) that I like the userv[1] approach which bypasses the problems entirely. Either that, or use sudo which is at least well understood. Rich. [1] http://www.chiark.greenend.org.uk/~ian/userv/ -- Richard Jones, CTO Merjis Ltd. Merjis - web marketing and technology - http://merjis.com Team Notepad - intranets and extranets for business - http://team-notepad.com