Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!uwm.edu!cs.utexas.edu!usc!jarthur!elroy.jpl.nasa.gov!ames!sgi!shinobu!odin!anchor!olson
From: olson@anchor.esd.sgi.com (Dave Olson)
Newsgroups: comp.sys.sgi
Subject: Re: setting SUID for scripts
Message-ID: <11086@odin.corp.sgi.com>
Date: 30 Jul 90 03:04:17 GMT
References: <9007292052.AA21084@ccu1.aukuni.ac.nz>
Sender: news@odin.corp.sgi.com
Organization: Silicon Graphics, Inc.  Mountain View, CA
Lines: 28

In <9007292052.AA21084@ccu1.aukuni.ac.nz> russell@CCU1.AUKUNI.AC.NZ writes:


|  > 
|  > I am trying to set the SUID on a shell script.
|  > It appears beeing set with the ls command, but has no effect.
|  > Is it the case on this system that one can only SUID on programs,and not
|  > on scripts???
|  > 
| What release of Irix are you running? I beleive that SGI have done something
| that affects suid on shell scripts at 3.3. This is because it is a known
| loophole in unix security. At 3.3 I think that it is a kernal option and that
| it will be removed altogether at V.4. 

Yes, it is disabled by default as shipped, and the few shell scripts
in the release that required it were rewritten or replaced by
binaries.  See the variable 'nosuidshells' in /usr/sysgen/master.d/kernel.

As far as I know, we have no intentions of completely dropping
support for setuid scripts, even if/when we pick up the V.4
features.

In 3.2 setuid scripts were supported with no way to disable them.
--

	Dave Olson

Life would be so much easier if we could just look at the source code.