Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!mcsun!hp4nl!star.cs.vu.nl!maart
From: maart@cs.vu.nl (Maarten Litmaath)
Newsgroups: comp.unix.questions
Subject: Re: How secure are shell scripts?
Message-ID: <7782@star.cs.vu.nl>
Date: 28 Sep 90 17:42:00 GMT
References: <1511@sirius.ucs.adelaide.edu.au> <1446@svin02.info.win.tue.nl>
Sender: news@cs.vu.nl
Reply-To: maart@cs.vu.nl (Maarten Litmaath)
Organization: VU Dept. of Computer Science, Amsterdam, The Netherlands
Lines: 12

In article <1446@svin02.info.win.tue.nl>,
	rcpieter@svin02.info.win.tue.nl (Tiggr) writes:
)...  A setuid shell
)script owned by root (world executable) enables ANY user to have a root shell
)by typing two commands.

You can prevent this by using the indir(1) package from the
comp.sources.unix archives.  Also available through anonymous ftp
from star.cs.vu.nl (192.31.231.42), directory pub/maart, which
contains various vi documents as well.
--
            "the C shell is flakier than a snowstorm."  (Guy Harris)