Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!uakari.primate.wisc.edu!aplcen!wb3ffv!ka3ovk!raysnec!shwake
From: shwake@raysnec.UUCP (Ray Shwake)
Newsgroups: comp.unix.shell
Subject: Re: how to setuid for shell scripts on ultrix?
Message-ID: <144@raysnec.UUCP>
Date: 21 Nov 90 17:13:44 GMT
References: <25009@adm.brl.mil> <1990Nov15.181448.23231@mdivax1.uucp> <4438@auspex.auspex.com>
Organization: IRS/CI - Technical Solutions Branch
Lines: 14

guy@auspex.auspex.com (Guy Harris) writes:

>What actually happened is that due to a particular
>unclosable-without-"/dev/fd" security hole, Berkeley sent out a 4.xBSD
>patch to disable set-UID shell scripts, which some vendors have picked
>up.

If that's the case, then why are they not supported by default on non-BSD
systems (like System III and V)? For us, it's academic since - when we
*really* need to support setuid shell scripts as an alternative to
providing higher-level access - we use a variant of 'setsh' - Wood &
Kochan's "set shell" script found in _UNIX_System_Security_. Unlike the
original, ours supports interactive shell scripts.