Xref: utzoo comp.unix.shell:919 comp.unix.ultrix:5356
Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!rice!uupsi!sunic!lth.se!newsuser
From: magnus%thep.lu.se@Urd.lth.se (Magnus Olsson)
Newsgroups: comp.unix.shell,comp.unix.ultrix
Subject: Re: how to setuid for shell scripts on ultrix? (really: SETUID STRIPTS ARE A SECURITY HOLE)
Message-ID: <1990Nov16.121518.5644@lth.se>
Date: 16 Nov 90 12:15:18 GMT
References: <25009@adm.brl.mil> <1990Nov15.181448.23231@mdivax1.uucp> <6644@ethz.UUCP>
Sender: newsuser@lth.se (LTH network news server)
Organization: Theoretical Physics, Lund University, Sweden
Lines: 12

In article <6644@ethz.UUCP> prl@iis.UUCP (Peter Lamb) writes:
>	SETUID SHELL SCRIPTS ARE INHERENTLY A SECURITY HOLE!
>
>		You *CAN'T* make them hackerproof.

Why? 

Magnus Olsson                   | \e+      /_
Dept. of Theoretical Physics    |  \  Z   / q
University of Lund, Sweden      |   >----<           
Internet: magnus@thep.lu.se     |  /      \===== g
Bitnet: THEPMO@SELDC52          | /e-      \q