Path: utzoo!utgpu!cs.utexas.edu!uunet!spool.mu.edu!news.cs.indiana.edu!ux1.cso.uiuc.edu!peltz
From: peltz@cerl.uiuc.edu (Steve Peltz)
Newsgroups: alt.sources.d
Subject: Re: sux, an enhancer for su
Message-ID: <1991Apr26.223337.1638@ux1.cso.uiuc.edu>
Date: 26 Apr 91 22:33:37 GMT
References: <462@frcs.UUCP> <1991Apr25.174534.13912@ux1.cso.uiuc.edu>
Sender: usenet@ux1.cso.uiuc.edu (News)
Organization: UIUC Computer-based Education Research Lab
Lines: 40

Yeah, yeah, enough already! Heck, I posted that a setuid script wasn't a
good idea even before anyone responded to me (other than e-mail complaining
that it wasn't source in alt.sources).

However, I do have one question regarding security (and lack thereof) in a
sh script. The two major problems pointed out to me were that I assumed the
path to various programs, and that IFS can be set on a sh script. However,
I do notice that, at least in the version of sh on this Sun, if I enter:

	IFS=

it will do the expected thing REGARDLESS of what the IFS already is. After
that, of course, I'll set:

	PATH=/bin:/usr/ucb

and be done with it. The only other security hole pointed out to me was more
generic to any script, not just a particular flavor of shell.

My other answer to making such a script secure would be to make it executable
only by group wheel. Since it is intended to allow anyone in group wheel to
execute it, there is no (additional) security problem.

All that aside, the main problem with my script is that it only sets the
effective uid, and I suspect that most su implementations require the real
uid to be set to root as well.

Thanks to everyone who took the time to politely (or not so politely) remind
me of the various problems with shell scripts. I apologize for not thinking
a bit more about the issues before posting what seemed to be a simple
solution.
--
Steve Peltz
Internet: peltz@cerl.uiuc.edu	PLATO/NovaNET: peltz/s/cerl
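The preamble discussed in the post, written out as an added example (not part of the original post or of sux): it shows how an inherited IFS changes word splitting, how resetting PATH and IFS at the top of a script restores it, and the real versus effective uid comparison the post ends on. The function names and the PATH value /bin:/usr/bin are assumptions for a current POSIX system; the post itself used /bin:/usr/ucb on SunOS.

```shell
#!/bin/sh
# Added example: environment reset for a privileged sh script.
# Function names are hypothetical; PATH value is an assumption (see lead-in).

# count_words STRING
# Prints how many fields the shell produces when STRING is expanded
# unquoted under whatever IFS is currently in effect.
count_words() {
    set -f              # disable globbing so only field splitting is measured
    set -- $1           # deliberate unquoted expansion: split on current IFS
    set +f
    echo $#
}

# harden_env
# Pin PATH first so every later command lookup uses trusted directories,
# then force IFS back to space, tab, newline regardless of its prior value.
harden_env() {
    PATH=/bin:/usr/bin
    export PATH
    # Command substitution strips trailing newlines, so append a sentinel
    # character and remove it afterwards to keep the newline in IFS.
    IFS=$(printf ' \t\nx')
    IFS=${IFS%x}
    unset ENV CDPATH    # other variables that alter how sh itself behaves
}

# uid_state
# Prints "same" when real and effective uid match, "split" when they differ
# (the state a setuid program is in when only the effective uid has changed).
uid_state() {
    if [ "$(id -u)" = "$(id -r -u)" ]; then
        echo same
    else
        echo split
    fi
}

# Demonstration with a constructed IFS value, as if inherited from the caller.
IFS=/
echo "inherited IFS: 'bin/echo' splits into $(count_words bin/echo) field(s)"
harden_env
echo "after reset:   'bin/echo' splits into $(count_words bin/echo) field(s)"
echo "real vs effective uid: $(uid_state)"
```
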