Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!mcsun!ukc!strath-cs!baird!jim
From: jim@cs.strath.ac.uk (Jim Reid)
Newsgroups: comp.unix.questions
Subject: Re: How secure are shell scripts? (summary)
Message-ID:
Date: 11 Oct 90 14:06:13 GMT
References: <1576@sirius.ucs.adelaide.edu.au> <14885@hydra.gatech.EDU>
Sender: jim@cs.strath.ac.uk
Organization: Computer Science Dept., Strathclyde Univ., Glasgow, Scotland.
Lines: 19
In-reply-to: gt0178a@prism.gatech.EDU's message of 10 Oct 90 06:43:36 GMT

In article <14885@hydra.gatech.EDU> gt0178a@prism.gatech.EDU (Jim Burns) writes:

> Note that setuid ksh scripts on HP-UX 7.0 do an automatic 'set -p'
> (protected) which, among other things, resets the PATH to something
> more trusted (/bin and /usr/bin) and disables sourcing $ENV. This
> happens whenever euid != uid. Doesn't solve all the problems, but it
> is a step in the right direction.

I disagree. The hack by HP is precisely that: a hack. It fixes one or
two possible problems, but not them all. (For instance doing naughty
things with (symbolic) links to the setuid shell script or replacing
the file as it is being exec'ed....)

The end result of that is a false illusion that setuid ksh scripts are
secure. Misguided individuals then make use of them, thinking the
scripts are secure when in fact the scripts are only marginally safer
than if they were executed by the Bourne or C shells. (Which is nothing
to be proud about.)

		Jim
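Added example, not part of the original post: an audit a system administrator can run to list the setuid or setgid interpreter scripts discussed in this thread, by finding regular files with either bit set whose first two bytes are `#!`. The function name `audit_suid_scripts` and the tab-separated output layout are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original post).
# audit_suid_scripts DIR
#   Prints one line per setuid/setgid script found under DIR:
#       <path><TAB><interpreter line without the "#!">
#   Compiled setuid binaries are skipped; only "#!" scripts are reported.

audit_suid_scripts() {
    # -xdev   : stay on the filesystem DIR lives on
    # -type f : regular files only, so symbolic links are never followed
    # -perm   : setuid (4000) or setgid (2000) bit is set
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec sh -c '
        for f in "$@"; do
            # An interpreter script starts with the two-byte magic "#!".
            magic=$(dd if="$f" bs=2 count=1 2>/dev/null)
            [ "$magic" = "#!" ] || continue
            # Report which interpreter the kernel would be asked to run.
            interp=$(head -n 1 "$f" | sed "s/^#![[:space:]]*//")
            printf "%s\t%s\n" "$f" "$interp"
        done' sh {} +
}

# Stand-alone use: sh audit.sh /usr/local
if [ "$#" -gt 0 ]; then
    audit_suid_scripts "$1"
fi
```

Each path reported is a candidate for removing the setuid bit (`chmod u-s,g-s`) and replacing the script with a small compiled wrapper or a sudo rule.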