Path: utzoo!utgpu!utstat!jarvis.csri.toronto.edu!mailrus!wuarchive!brutus.cs.uiuc.edu!ginosko!aplcen!haven!adm!xadmx!danl@midget.towson.edu
From: danl@midget.towson.edu
Newsgroups: comp.unix.questions
Subject: Re: INFO-UNIX Digest V8#100
Message-ID: <21256@adm.BRL.MIL>
Date: 24 Oct 89 05:19:35 GMT
Sender: news@adm.BRL.MIL
Lines: 19


     
Chris Torek <chris@mimsy.umd.edu> writes:

>On all of the BSD derivatives on which setuid scripts run setuid,
>all such setuid scripts are not secure.

Ok Chris, so I could be wrong (it certainly wouldn't be the first time),
but please explain why.  How are they not secure (with proper planning)?
And how are they any more secure if they are first run from a C program
which exec's the shell?
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Dan Gosner				Internet: danl@midget.towson.edu
Operations Manager				  DGosner@TOE.TOWSON.EDU 
Towson State University			Bitnet:   DGosner@TOWSONVX
Academic Computing
Towson, Maryland  21204
   %% VMS pays the bills, but Unix is where my real work gets done. %%
***************************************************************************