Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!execu!sequoia!rpp386!jfh
From: jfh@rpp386.cactus.org (John F. Haugh II)
Newsgroups: comp.unix.internals
Subject: Re: how to setuid for shell scripts?
Message-ID: <18736@rpp386.cactus.org>
Date: 17 Nov 90 01:07:32 GMT
References: <25009@adm.brl.mil> <633@vtserf.cc.vt.edu>
Reply-To: jfh@rpp386.cactus.org (John F. Haugh II)
Organization: Lone Star Cafe and BBS Service
Lines: 22
X-Clever-Slogan: Recycle or Die.

In article <633@vtserf.cc.vt.edu> valdis@wizards.vt.edu (Valdis Kletnieks) writes:
>You don't want to do this. Setuid shell scripts are a Bad Thing.
>
>The security leaks are ENORMOUS - it takes *ANY* user a whole
>whopping 3 or 4 commands to get a full-function interactive shell
>running under the UID the shell is set-UID to.

There are giant holes in the =traditional= method of implementing
setuid shell scripts; this does not mean that there are giant holes
in =every= implementation.

I have, however, yet to be convinced that any vendor has a reasonable
implementation of set-UID shell scripts out there. The most common
reason for vendors continuing to provide set-UID scripts is that the
customers don't understand the risks well enough to not clamor for
the feature.
-- 
John F. Haugh II                   UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832            Domain: jfh@rpp386.cactus.org
"SCCS, the source motel! Programs check in and never check out!"
                -- Ken Thompson