Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!mcsun!hp4nl!star.cs.vu.nl!maart
From: maart@cs.vu.nl (Maarten Litmaath)
Newsgroups: comp.unix.questions
Subject: Re: How secure are shell scripts? (summary)
Message-ID: <7937@star.cs.vu.nl>
Date: 12 Oct 90 15:40:55 GMT
References: <15059@hydra.gatech.EDU>
Sender: news@cs.vu.nl
Reply-To: maart@cs.vu.nl (Maarten Litmaath)
Organization: VU Dept. of Computer Science, Amsterdam, The Netherlands
Lines: 36

In article <15059@hydra.gatech.EDU>,
	gt0178a@prism.gatech.EDU (Jim Burns) writes:
)in article ,
)	jim@cs.strath.ac.uk (Jim Reid) says:
)
)> The hack by HP is precisely that: a hack. It fixes one or two possible
)> problems, but not them all. (For instance doing naughty things with
)> (symbolic) links to the setuid shell script or replacing the file as
)> it is being exec'ed....) The end result of that is a false illusion
)> that setuid ksh scripts are secure. Misguided individuals then make
)
)The first problem can be handled by starting w/'#!/bin/ksh -'.

That's _not_ enough.

)As for the
)second, I personally don't have the patience to sit there at adjoining
)terminals and try to swap files fast enough.

Why wouldn't you write a little C program or even a shell script?  Jeez!

)It's like securing your car
)or home - all you can do is make it harder, not impossible. If it isn't
)setuid scripts that are being exploited, it will be something else.

No excuse for a lame quasi-solution.  These are _real_ solutions:

	- write a C program instead;
	- use a dispatcher that tries to locate the requested service in a
	  database of setuid scripts;
	- use my `indir' pseudo interpreter front end;
	- acquire a UNIX version that's got the /dev/fd driver and uses that
	  to launch the script.
--
"the C shell is flakier than a snowstorm." (Guy Harris)
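
Added example, not part of the original post and not code from any of the posters: a small C auditor for locating the files this thread is about, i.e. regular files with a setuid or setgid bit whose content starts with `#!`, so they can be replaced by one of the solutions listed above. The function names `setid_script_p` and `check_path` are hypothetical; the mode and the content are both read from one open descriptor, so the audit itself does not depend on the path still naming the same file between two steps.

```c
#define _XOPEN_SOURCE 700   /* for O_NOFOLLOW and the S_IF* constants */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pure decision: set-id bit on a regular file whose first bytes are "#!". */
int setid_script_p(mode_t mode, const unsigned char *head, size_t n)
{
    if (!S_ISREG(mode) || !(mode & (S_ISUID | S_ISGID)))
        return 0;
    return n >= 2 && head[0] == '#' && head[1] == '!';
}

/* Returns 1 if path is a set-id script, 0 if not, -1 on error.
 * fstat() and read() act on the same descriptor, so a rename or a
 * symlink swap after open() cannot make the mode and the content
 * describe two different files.  Symlinks are refused (O_NOFOLLOW);
 * a tree walk reaches their targets under their real names. */
int check_path(const char *path)
{
    unsigned char head[2];
    struct stat st;
    ssize_t n;
    int fd, r;

    fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0) {
        close(fd);
        return -1;
    }
    n = S_ISREG(st.st_mode) ? read(fd, head, sizeof head) : 0;
    r = n < 0 ? -1 : setid_script_p(st.st_mode, head, (size_t)n);
    close(fd);
    return r;
}

int main(int argc, char **argv)
{
    int i, found = 0;
    for (i = 1; i < argc; i++)
        if (check_path(argv[i]) == 1) {
            printf("set-id script: %s\n", argv[i]);
            found = 1;
        }
    return found;
}
```

Paths are given as arguments, for example from `find` output; the exit status is 1 when at least one set-id script was reported.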