Path: utzoo!utgpu!cs.utexas.edu!uunet!mcsun!cernvax!chx400!chx400!bernina!prl
From: prl@iis.ethz.ch (Peter Lamb)
Newsgroups: alt.sources
Subject: Re: sux, an enhancer for su
Keywords: sux, sure does
Message-ID:
Date: 26 Apr 91 07:07:20 GMT
References: <462@frcs.UUCP> <1991Apr25.174534.13912@ux1.cso.uiuc.edu>
Sender: news@bernina.ethz.ch (USENET News System)
Organization: Swiss Federal Institute of Technology (ETH), Zurich, CH
Lines: 33
Nntp-Posting-Host: etzj-gw

peltz@cerl.uiuc.edu (Steve Peltz) writes:

>WILL work, wouldn't the following one-line shell script do just as well?

N O O O O O O O O !!!!!!

>Maybe there's a reason; maybe the "groups" command is Sun specific or
>something...

No.

>Don't forget to change it to be owned by root and setuid and executable...

If I can execute a setuid root script I can become root (independent
of its contents). So can a very large range of other people. Some of them
not friendly enough to warn you about it.

>Sorry - not in shar format; why put in an extra 20 lines to wrap 2?

>#!/bin/sh
>groups | grep -s wheel && su $* || echo Sorry

Don't do it ! Don't install this script. Don't make it set{uid,gid}.

Setuid shell scripts are security holes!

--
Peter Lamb
uucp: uunet!mcsun!ethz!prl  eunet: prl@iis.ethz.ch  Tel: +411 256 5241
Integrated Systems Laboratory
ETH-Zentrum, 8092 Zurich
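
An audit for the condition the post warns about, as an added example that is not part of the original post: it lists files under a directory that carry a setuid or setgid bit and begin with `#!`. The function name `find_setid_scripts` is an assumption made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): report set-id interpreter scripts.
# find_setid_scripts is a hypothetical helper name.

# Print every regular file under "$1" (default: /) that has the setuid or
# setgid bit set AND starts with "#!", i.e. is executed through an interpreter.
# File names containing newlines are not handled.
find_setid_scripts() {
    dir=${1:-/}
    # -xdev keeps the walk on one filesystem;
    # -perm -4000 matches setuid, -perm -2000 matches setgid.
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        # Look at the first two bytes only; NULs are dropped so binaries
        # do not trigger shell warnings. Unreadable files yield "" and are skipped.
        magic=$(head -c 2 "$f" 2>/dev/null | tr -d '\000')
        if [ "$magic" = '#!' ]; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# Stand-alone use: pass the directory to audit as the first argument.
if [ "$#" -gt 0 ]; then
    find_setid_scripts "$1"
fi
```

Any path it prints should have the set-id bits removed (`chmod u-s,g-s`) or be replaced by a mechanism that does not rely on a set-id script.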