Path: utzoo!utgpu!watserv1!watmath!att!dptg!ulysses!andante!mit-eddie!bloom-beacon!eru!hagbard!sunic!mcsun!hp4nl!star.cs.vu.nl!maart
From: maart@cs.vu.nl (Maarten Litmaath)
Newsgroups: comp.unix.shell
Subject: Re: SETUID STRIPTS ARE A SECURITY HOLE
Message-ID: <8350@star.cs.vu.nl>
Date: 27 Nov 90 18:31:45 GMT
References: <1990Nov15.181448.23231@mdivax1.uucp> <6644@ethz.UUCP> <1990Nov16.121518.5644@lth.se> <108862@convex.convex.com> <1990Nov27.100200.26406@hollie.rdg.dec.com>
Sender: news@cs.vu.nl
Reply-To: maart@cs.vu.nl (Maarten Litmaath)
Organization: VU Dept. of Computer Science, Amsterdam, The Netherlands
Lines: 25

In article <1990Nov27.100200.26406@hollie.rdg.dec.com>,
	jch@dyfed.rdg.dec.com (John Haxby) writes:
)...
)This works, and prevents any symbolic link diversion:
)
)-----------------
)#!/bin/sh /usr/local/bin/zot
)
): do something suid
)echo $0 $*
)-----------------

The problem: currently only the first 32 characters of a `#!' line are
effective, so this won't work:

	#!/bin/sh /usr/local/bin/supercalifragilisticexpialidocious (*)

One of the reasons I wrote `indir'.

(*) Courtesy of Henry Spencer.  :-)
--
"Please DON'T BREAK THE CHAIN!  Terry Wood broke the chain and ended up
writing COBOL PROGRAMS.  Three days later, he found his Blue Star Tatoo
Letter, made 20 copies and mailed them out.  He found a good job writing
compilers."  --  tjw@unix.cis.pitt.edu (Terry J. Wood)