Path: utzoo!utgpu!news-server.csri.toronto.edu!clyde.concordia.ca!uunet!samsung!sdd.hp.com!decwrl!sgi!vjs@rhyolite.wpd.sgi.com
From: vjs@rhyolite.wpd.sgi.com (Vernon Schryver)
Newsgroups: comp.sys.sgi
Subject: Re: setting SUID for scripts
Message-ID: <66083@sgi.sgi.com>
Date: 3 Aug 90 23:31:38 GMT
References: <9007292052.AA21084@ccu1.aukuni.ac.nz> <11086@odin.corp.sgi.com> <3795@auspex.auspex.com>
Sender: vjs@rhyolite.wpd.sgi.com
Organization: Silicon Graphics, Inc., Mountain View, CA
Lines: 24

In article <3795@auspex.auspex.com>, guy@auspex.auspex.com (Guy Harris) writes:
] >As far as I know, we have no intentions of completely dropping
] >support for setuid scripts, even if/when we pick up the V.4
] >features.
]
] Given that S5R4 includes support for setuid scripts, complete with the
] "standard" fix for what is probably the most (in)famous security hole ...

How do you close the main hole without changing the shells themselves?
Given 3rd party shells such as bash and ksh, how do you close the hole?
What about "shell scripts" with an initial line like "#!/bin/make -f"?
(Yes, MAKEDEV is not suid.)

I'm referring to the hole caused by the shell reopening the file rather
than using the same FD that was validated by exec.c while it was parsing
the #! line.

What is the "standard fix?" Does it require /dev/{stdin,fd,etc}?

Vernon Schryver
vjs@sgi.com
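
The descriptor-versus-name distinction raised in the post, as an added example that is not part of the original article and is not SGI or S5R4 code: it validates a file through an open descriptor, lets the name come to refer to another file, and compares what each route then reaches. The temp-directory files and all function names are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if st describes the same object (device + inode) as ref. */
static int same_object(const struct stat *st, const struct stat *ref) {
    return st->st_dev == ref->st_dev && st->st_ino == ref->st_ino;
}

/* Create one constructed sample file. */
static int write_file(const char *path, const char *text) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Validate a script once on an open descriptor, let its name change, then
 * check which route still reaches the validated file. Returns 0 on success;
 * *fd_ok and *path_ok are 1 when that route still reaches it. */
int check_fd_vs_path(int *fd_ok, int *path_ok) {
    char dir[] = "/tmp/fdpathXXXXXX", a[64], b[64];
    struct stat checked, via_fd, via_path;
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/script", dir);
    snprintf(b, sizeof b, "%s/other", dir);
    if (write_file(a, "#!/bin/sh\n") || write_file(b, "#!/bin/sh\n# other\n")) return -1;

    int fd = open(a, O_RDONLY);                    /* opened once, as while parsing #! */
    if (fd < 0 || fstat(fd, &checked)) return -1;  /* checks apply to this object */
    if (rename(b, a)) return -1;                   /* the name now refers to another file */
    if (fstat(fd, &via_fd) || stat(a, &via_path)) return -1;
    *fd_ok = same_object(&via_fd, &checked);       /* held descriptor: same object */
    *path_ok = same_object(&via_path, &checked);   /* re-open by name: different object */
    close(fd); unlink(a); rmdir(dir);
    return 0;
}

int main(void) {
    int fd_ok, path_ok;
    if (check_fd_vs_path(&fd_ok, &path_ok)) return 1;
    printf("descriptor reaches validated file: %d\nname reaches validated file: %d\n", fd_ok, path_ok);
    return 0;
}
```

On systems that provide /dev/fd, handing the interpreter /dev/fd/N for the descriptor already held keeps it on the validated object even though the interpreter opens its script by name.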