Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!zaphod.mps.ohio-state.edu!math.lsa.umich.edu!math.lsa.umich.edu!emv
From: maart@cs.vu.nl (Maarten Litmaath)
Newsgroups: comp.archives
Subject: [unix-questions] Re: How secure are shell scripts?
Message-ID: <1990Sep28.235418.21919@math.lsa.umich.edu>
Date: 28 Sep 90 23:54:18 GMT
Sender: emv@math.lsa.umich.edu (Edward Vielmetti)
Reply-To: maart@cs.vu.nl (Maarten Litmaath)
Followup-To: comp.unix.questions
Organization: VU Dept. of Computer Science, Amsterdam, The Netherlands
Lines: 19
Approved: emv@math.lsa.umich.edu (Edward Vielmetti)
X-Original-Newsgroups: comp.unix.questions

Archive-name: indir/28-Sep-90
Original-posting-by: maart@cs.vu.nl (Maarten Litmaath)
Original-subject: Re: How secure are shell scripts?
Archive-site: star.cs.vu.nl [192.31.231.42]
Archive-directory: /pub/maart
Reposted-by: emv@math.lsa.umich.edu (Edward Vielmetti)

In article <1446@svin02.info.win.tue.nl>,
	rcpieter@svin02.info.win.tue.nl (Tiggr) writes:
)...  A setuid shell
)script owned by root (world executable) enables ANY user to have a root shell
)by typing two commands.

You can prevent this by using the indir(1) package from the
comp.sources.unix archives.  Also available through anonymous ftp
from star.cs.vu.nl (192.31.231.42), directory pub/maart, which
contains various vi documents as well.
--
            "the C shell is flakier than a snowstorm."  (Guy Harris)