Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!ucsd!ucbvax!hplabs!hpcc01!hpdmd48!markw
From: markw@hpdmd48.boi.hp.com (Mark Wolfe)
Newsgroups: comp.unix.questions
Subject: Suid script security
Message-ID: <14920003@hpdmd48.boi.hp.com>
Date: 9 Aug 90 15:10:46 GMT
Organization: Hewlett Packard - Boise, ID
Lines: 27


    I know that suid scripts are a bad idea from reading comp.questions and
comp.wizards over the last year or so. It seems that just about every guru
in the world has posted a warning NOT to do it, so I decided I would follow
the advice (it's a rare subject that all guru's agree on). However, it appears
that I'm now about to have one of these ugly animals forced on me from above,
so I'd like some advice:

 1)  Just what are the security risks involved? (i.e. how would someone attack
     a system via one of these).

 2)  What can I do to make this as secure as possible?

    I know these questions have been asked and answered before on the net, but
I didn't save the notes because as I said before, I'd just planned never to do
it.

    Please help. If the answers are too sensitive (especially for no. 1), please
email your answers. 

markw@hpbs1529.boi.hp.com

Mark

    Always remember: where ever you go...there you are.

     - Buckaroo Bonzai