Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uwm.edu!gem.mps.ohio-state.edu!sunybcs!rutgers!att!cbnewsc!tjr
From: tjr@cbnewsc.ATT.COM (thomas.j.roberts)
Newsgroups: comp.unix.questions
Subject: Re: setuid shell scripts (was: Re: Running processes as root)
Message-ID: <4077@cbnewsc.ATT.COM>
Date: 25 Oct 89 17:20:35 GMT
References: <3806@solo7.cs.vu.nl>
Organization: AT&T Bell Laboratories
Lines: 27

From article <3806@solo7.cs.vu.nl>, by maart@cs.vu.nl (Maarten Litmaath):
> terryl@tekcrl.LABS.TEK.COM writes:
> 
> Yeah, one must use the #! mechanism; SO WHAT!?  I never denied that!
> And I showed how safe setuid scripts (NOTE: Chris didn't even say *shell*
> scripts) could be created.  You want an example?  Right, put the following
> in a file /etc/fubar:
> 
> 	#!/bin/sh /etc/fubar
> 	echo "Am I right or am I right?"
> 
> You're a pretty smart fellow if you can break this one (or you're root).

I run on System V, and have never used #!. However, I believe this approach
will cause serious problems:
	set IFS=c, and place an appropriate program named "e" into
	your path. The shell will execute "e" with argument 'ho Am I ...?'.

This is only one of many problems with SUID shell scripts. Fooling around
with PATH, IFS, PS1 and other internally-used environment variables can
cause the shell to do unexpected things. The problems with SUID shell-scripts
are inherent, given the tremendous complexity of the shell - even if you 
modify the shell to close all of the known "SUID holes", you will never
know when you have found them all.

Tom Roberts
att!ihnet!tjr