Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!vtserf!wizards!valdis
From: valdis@wizards.vt.edu (Valdis Kletnieks)
Newsgroups: comp.unix.internals
Subject: Re: how to setuid for shell scripts?
Message-ID: <633@vtserf.cc.vt.edu>
Date: 15 Nov 90 22:05:44 GMT
References: <25009@adm.brl.mil>
Sender: news@vtserf.cc.vt.edu
Reply-To: valdis@wizards.vt.edu (Valdis Kletnieks)
Organization: Virginia Polytechnic Institute and State University
Lines: 23

In article <25009@adm.brl.mil>, K390590%AEARN@pucc.princeton.edu ( Steinparz Franz) writes:
|> Could someone give me advice how to make a shell script which inherits
|> its access rights from its owner as this is done by set uid for regular
|> programs. Just setting the set uid bit via CHMOD 06xxx does not work
|> on vax under ultrix.

You don't want to do this.  Setuid shell scripts are a Bad Thing.

The security leaks are ENORMOUS - it takes *ANY* user a whole whopping
3 or 4 commands to get a full-function interactive shell running under
the UID the shell is set-UID to.

I won't give full details, other than to say - how does csh know to
run .login for a login shell, but not a subshell?  Now think about
.login for a while......

(Hint - the shell checks argv[0] for a '-')...

Full details are left as an exercise for the student.

                                Valdis Kletnieks
                                Computer Systems Engineer
                                Virginia Tech
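
An added audit example, not part of the original post: a POSIX shell function that lists set-UID or set-GID regular files whose first two bytes are `#!`, so an administrator can find the scripts the reply warns about and clear the bit. The function name `find_setid_scripts` is an assumption made for this example.

```shell
#!/bin/sh
# Added example: report set-UID / set-GID files that are interpreter scripts.
# find_setid_scripts is a hypothetical helper name, not a standard tool.
#
# Limits: paths containing newlines are not handled, and files the caller
# cannot read are skipped silently, so run the audit as root for full coverage.

find_setid_scripts() {
    # $1 = directory to audit (defaults to /); -xdev stays on one filesystem.
    # -perm -4000 matches the set-UID bit, -perm -2000 the set-GID bit.
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        # The kernel treats a file as a script when it begins with "#!",
        # so read exactly two bytes and compare.
        magic=$(dd if="$f" bs=2 count=1 2>/dev/null)
        if [ "$magic" = '#!' ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Stand-alone use: sh audit.sh /usr/local
# Each reported path can then be fixed with: chmod u-s,g-s <path>
if [ $# -gt 0 ]; then
    find_setid_scripts "$1"
fi
```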