Path: utzoo!attcan!telly!problem!nyama!torag!aimed!geac!torsqnt!hybrid!scifi!bywater!uunet!news.uu.net!mcsun!ukc!strath-cs!ex-dcs!exua!JRowe From: JRowe@exua.exeter.ac.uk (John Rowe) Newsgroups: comp.unix.aix Subject: >>>>>>>VITAL warning on suid shell scripts <<<<<<<<<<<<<< Message-ID: Date: 14 May 91 16:30:08 GMT References: <9357.282caa94@jetson.uh.edu> <7513@awdprime.UUCP> Sender: JRowe@exua.exeter.ac.uk Organization: Computer Unit. - University of Exeter. UK Lines: 45 In-reply-to: dcm@codesmith.austin.ibm.com's message of 13 May 91 15:28:44 GMT I'm sure (I hope!) a lot of people will post to this but IT IS VITAL so please read: In article <7513@awdprime.UUCP> dcm@codesmith.austin.ibm.com (Craig Miller) writes: In article <9357.282caa94@jetson.uh.edu> elee4fg@jetson.uh.edu writes: > >1) csh does not support suid. If your csh suid scripts file has this > #!/bin/csh > It won't work. > Your need to do this in ksh Craig>> I believe this is not an AIXism but is a BSDism. The BSD4.3 Craig>> csh source I have access to does not support suid either. This Craig>> is documented, I believe. suid shell scripts are a well known security NIGHTMARE. It is VERY VERY simple to use one of these to gain TOTAL root access. I TRIED WITH KSH UNDER AIX 3.1 (no revs) AND IT WORKED. I, as an ordinary user, became root to do anything I liked. So please, warn every one you know never to allow suid shell scripts. This problem has been common knowledge for a long time but vendors are only now starting to worry about it. Of course it *may* have been fixed in later releases :-) You can look for suid programs with: find / -fstype f -perm -2000 -o -perm -4000 -print To find out if they are compiled programs or shell scripts try: find / -fstype f -perm -2000 -o -perm -4000 -exec file {} \; put the output into a file and look for 'commands' 'shell' 'text' etc. Sorry to come on so strong - what worries me is that Craig is from IBM at Austin... John Rowe Exeter University Computational Physics Group Exeter UK